Determine when to issue a certificate with a private key based on security and usage requirements.
Hi there, welcome! I'm here to help with your PKI setup. For securing your home network, you should issue certificates with a private key whenever you need to authenticate devices or services. This is especially important when setting up HTTPS connections. Make sure to issue the certificates in cases where secure communication is required, such as connecting to a trusted server or client. Let me know if you need more details!
Windows Server 2016 - Datacenter, single root, no sub direct edits: I really dislike self-signed certificates.
You're using the same configuration as before. Just adding an ECC certificate sub-certificate. A two-tier PKI setup would be ideal—one root and one subordinate CA—for better security. This way, even if the root CA is compromised, unauthorized SSL issuance would be prevented, especially since internal PKI systems aren't trusted externally. I'd keep things secure.
EDIT: If your sub-CA is at risk...
I understand it's not ideal to rely on a single-tier PKI, but that wasn't the focus of your query. We veered a bit away from the main point.
Just sharing some info. You'd need to build Certificate Templates and publish them. I'm sure you're familiar with the process. Regarding your question, it's about using an SSL certificate across various servers. For instance, I issue a wildcard SSL for my internal servers. Rather than making separate ones, I export the key so it can be installed on multiple servers. For example, the SSL certificate below was issued by my ECC CA server and works on several servers and computers.
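The export-and-reuse step described in the post above, as an added PowerShell example that is not part of the original thread. The function names, the thumbprint and the file path are placeholders; it assumes the certificate sits in `LocalMachine\My` and was issued from a template that allows private key export.

```powershell
# Added example: thumbprint, path and password are supplied by the operator.
function Export-SharedPfx {
    param(
        [Parameter(Mandatory)][string]$Thumbprint,
        [Parameter(Mandatory)][string]$FilePath,
        [Parameter(Mandatory)][securestring]$Password
    )
    $cert = Get-Item -Path "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction Stop
    if (-not $cert.HasPrivateKey) {
        throw "Certificate $Thumbprint has no private key in LocalMachine\My."
    }
    # Fails here if the key was issued as non-exportable.
    Export-PfxCertificate -Cert $cert -FilePath $FilePath -Password $Password `
        -ChainOption BuildChain -ErrorAction Stop | Out-Null
    return $cert.Thumbprint
}

function Import-SharedPfx {
    param(
        [Parameter(Mandatory)][string]$FilePath,
        [Parameter(Mandatory)][securestring]$Password,
        [Parameter(Mandatory)][string]$ExpectedThumbprint
    )
    # Inspect the file first so the wrong certificate never reaches the store.
    $pfx = Get-PfxData -FilePath $FilePath -Password $Password -ErrorAction Stop
    $leaf = $pfx.EndEntityCertificates | Select-Object -First 1
    if ($null -eq $leaf -or $leaf.Thumbprint -ne $ExpectedThumbprint) {
        throw "PFX does not contain the expected certificate $ExpectedThumbprint."
    }
    # -Exportable is deliberately omitted: the key cannot be exported again from this server.
    $imported = Import-PfxCertificate -FilePath $FilePath -Password $Password `
        -CertStoreLocation Cert:\LocalMachine\My -ErrorAction Stop
    if (-not $imported.HasPrivateKey) {
        throw "Import succeeded but no private key is associated with the certificate."
    }
    return $imported
}

# Usage (placeholder values):
# $pw = Read-Host -AsSecureString -Prompt 'PFX password'
# $tp = Export-SharedPfx -Thumbprint '<THUMBPRINT>' -FilePath 'C:\temp\wildcard.pfx' -Password $pw
# Import-SharedPfx -FilePath 'C:\temp\wildcard.pfx' -Password $pw -ExpectedThumbprint $tp
```

Delete the PFX file once every server has imported it, since it holds the same private key as the source store.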
Yes, it is possible to create templates without a domain. You don’t need one to set them up.
You might consider testing it out; I'm using mine with a domain.