Server and Related Client Configuration
The administrator of a target server must have completed at least
one of the following:
- Equip the server with an appropriate class X.509 certificate from a well-known Certificate
Authority (CA). The administrator will have created a public/private key pair,
submitted a request to the CA for a certificate, and received and activated that server
certificate. By definition a well-known CA is one whose root certificates are
already stored in the Personal Communications
Microsoft Certificate Store.Note:You must also equip the client with an X.509 personal certificate from the same certificate authority (CA) to enable client authentication.
- Equip the server with an appropriate class X.509 certificate from an unknown CA. The
procedure is the same as the step above with the added necessity of obtaining the root
certificate from the unknown CA. Note:You must also equip the client with an X.509 personal certificate from the same certificate authority (CA) to enable client authentication.
- Equip the server with a self-signed X.509 certificate. The administrator of the target
server can do this as an interim measure while waiting for a CA's certificate. The
distribution must be done in a secure manner to guard the privacy and integrity offered by
SSL. Note:
- You must also equip the client with an X.509 personal certificate from the same certificate authority (CA) to enable client authentication.