none
For SSL transport security, client how to get certificate from service? RRS feed

  • Question

  • Hi,

    For SSL transport security, we can use makecert commandline to create a test certificate. Here is I have a question, why we said it can only be used as a test certificate. It can't use a real enviornment. Why MSDN said that.

    If we have to create a certificate application in win2003 server, we can create a server certificate, I know we can apply certificate via website. But if we don't want to client do the step, is there any other way to solve?

    Best regards,
    David


    dd
    Monday, April 25, 2011 9:24 AM

Answers

  • Hello, simply because a test certificate is, as the name says, for testing purpose. In most environment it is not considered as a trusted certificate because it is not signed by a well known CA. But if you're for intract use only, you can still use your test certificate. Just make sure you also create a self signed CA, and then distribute the CA as well as the test certificate to all client machines, help them to build up the trust chain. For internet scenarios, you should never use a self signed certificate. Otherwise your service will not be considered as legitimate by most third parties.
    Lante, shanaolanxing This posting is provided "AS IS" with no warranties, and confers no rights.
    Windows Azure Technical Forum Support Team Blog
    • Marked as answer by dd1825874 Tuesday, April 26, 2011 5:35 AM
    Tuesday, April 26, 2011 1:40 AM

All replies

  • anyone knows? thanks a lot.
    dd
    Monday, April 25, 2011 1:49 PM
  • Hello, simply because a test certificate is, as the name says, for testing purpose. In most environment it is not considered as a trusted certificate because it is not signed by a well known CA. But if you're for intract use only, you can still use your test certificate. Just make sure you also create a self signed CA, and then distribute the CA as well as the test certificate to all client machines, help them to build up the trust chain. For internet scenarios, you should never use a self signed certificate. Otherwise your service will not be considered as legitimate by most third parties.
    Lante, shanaolanxing This posting is provided "AS IS" with no warranties, and confers no rights.
    Windows Azure Technical Forum Support Team Blog
    • Marked as answer by dd1825874 Tuesday, April 26, 2011 5:35 AM
    Tuesday, April 26, 2011 1:40 AM