PortSight Secure Access Documentation

Set Up Your Own Certificate Service


With your own certificate service you will be able to request, generate and sign your own certificates, so you will not need to request certificates from a public Certificate Authority (CA), such as Verisign, Inc., and pay for them. However, such "home-made" certificates will not be trusted unless the CA certificate chain is explicitly added to the appropriate certificate store.

To set up your own certificate service:

  1. You will need a server with one of the following operating systems: Windows 2000 Server, Windows 2000 Advanced Server, Windows 2000 Datacenter Server or Windows 2003 Server.

  2. On the CA computer, log on as an administrator.

  3. Check that the Certificate Services are installed on the machine:

a)       Click Start -> Control Panel -> Add/Remove Programs.

b)       Check whether the Certificate Services are installed. If so, continue to step 4.

c)       If Certificate Services are not installed, select Certificate Services and click Next.

d)       Select Stand-alone root CA as the certification authority type, check Advanced options and click Next.

e)       Keep default settings and click Next.

f)        Fill in the form (at least the CA authority name must be specified) and click Next.

g)       Keep default settings and click Next.

h)       Click Finish.

  4. Now that the Certificate Service is installed, check its configuration.

a)       Click Start -> Control Panel -> Administrative Tools -> Certification Authority.

b)       Right-click your certification authority listed under Certification Authority (Local) and click Properties.

c)       Select the Policy Module tab and click Configure.

d)       On the Default Action page you can specify whether the administrator must explicitly issue the certificate or whether the certificates are automatically issued. Choose the first option and click OK.

Now the Certificate Service should be correctly installed and configured.
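The Default Action chosen in step 4d can also be checked from the command line on servers where `certutil -getreg policy\RequestDisposition` is available. The following is an added example, not part of the PortSight documentation: it decodes that value for the Microsoft default policy module, and the sample outputs and the CA name `Example-CA` are constructed.

```python
import re

# Disposition flags of the Microsoft default policy module (Windows SDK, certsrv.h).
REQDISP_MASK = 0x0FF          # low byte: action applied to a request
REQDISP_PENDINGFIRST = 0x100  # hold every request until an administrator acts
ACTIONS = {0x0: "pending", 0x1: "issue", 0x2: "deny", 0x3: "use-request-attribute"}

# Constructed sample outputs of: certutil -getreg policy\RequestDisposition
# Assumption: certutil prints the DWORD in hex, then decimal in parentheses.
SAMPLE_PENDING = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\Example-CA\PolicyModules\CertificateAuthority_MicrosoftDefault.Policy\RequestDisposition:

  RequestDisposition REG_DWORD = 101 (257)
    REQDISP_ISSUE -- 1
    REQDISP_PENDINGFIRST -- 100 (256)
"""
SAMPLE_AUTO = r"""
  RequestDisposition REG_DWORD = 1
    REQDISP_ISSUE -- 1
"""

def parse_request_disposition(text):
    """Return the RequestDisposition DWORD found in certutil output."""
    m = re.search(
        r"RequestDisposition\s+REG_DWORD\s*=\s*([0-9A-Fa-f]+)(?:\s*\((\d+)\))?", text)
    if m is None:
        raise ValueError("RequestDisposition value not found in output")
    # Prefer the unambiguous decimal form when certutil printed it.
    return int(m.group(2)) if m.group(2) else int(m.group(1), 16)

def classify(value):
    """Map the DWORD to 'manual', 'auto-issue' or another action name."""
    action = ACTIONS.get(value & REQDISP_MASK, "unknown")
    if value & REQDISP_PENDINGFIRST or action == "pending":
        return "manual"      # administrator must explicitly issue (step 4d)
    if action == "issue":
        return "auto-issue"  # requests are signed without review
    return action

def audit(text):
    """Parse certutil output and classify the CA's default action."""
    return classify(parse_request_disposition(text))

if __name__ == "__main__":
    for name, sample in (("pending", SAMPLE_PENDING), ("auto", SAMPLE_AUTO)):
        print(name, "->", audit(sample))
```

A result other than `manual` means the CA does not hold requests for an administrator's decision, so the setting from step 4d should be reviewed.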