I'm only familiar with SSL certificates in a simple-use case: I've installed them to websites, windows servers, and a few linux servers.
I'm now faced with the task of securing every possible device in our international network with SSL certificates. I've purchased a wildcard *.mydomain.com certificate from Comodo so that I can use the same certificate everywhere, but I'm still faced with the mountainous task of installing certificates to many Windows servers, apache servers, Linux servers of various flavors, proprietary OS's, desktops, and even printers.
What is most daunting about this task is that I will need to do it again and again - every time the SSL certificate expires. I know I can purchase a 5-year certificate, but even still, it is a hassle I'd rather not have to repeat.
Is it possible to have one system (like a Windows domain server) act as a certificate server and then just load every other device with a certificate that "points" to the certificate server for validation? My idea is that I would only have to update the certificate in one central location, and then all the other devices pointed to that server would automatically be current. I've already noted that there are concepts like "Intermediate CAs" and "Local CA Authorities", but I'm not sure if it is possible to leverage those concepts into helping me distribute a certificate from a big-name CA down the network...
I'm now faced with the task of securing every possible device in our international network with SSL certificates. I've purchased a wildcard *.mydomain.com certificate from Comodo so that I can use the same certificate everywhere, but I'm still faced with the mountainous task of installing certificates to many Windows servers, apache servers, Linux servers of various flavors, proprietary OS's, desktops, and even printers.
What is most daunting about this task is that I will need to do it again and again - every time the SSL certificate expires. I know I can purchase a 5-year certificate, but even still, it is a hassle I'd rather not have to repeat.
Is it possible to have one system (like a Windows domain server) act as a certificate server and then just load every other device with a certificate that "points" to the certificate server for validation? My idea is that I would only have to update the certificate in one central location, and then all the other devices pointed to that server would automatically be current. I've already noted that there are concepts like "Intermediate CAs" and "Local CA Authorities", but I'm not sure if it is possible to leverage those concepts into helping me distribute a certificate from a big-name CA down the network...
Facebook
Twitter