You have the right considerations.

That Is, it sounds like you are also defining your own root certificate authority, an internal authority. After all, its only one internal web site; why should you pay for someone to host a root authority for you? (Answer: because its cheaper in the long run. Now your internal root authority must be available whenever and wherever clients many need it, and eventually this means externally. I know, not today, not by design, ... but in the long run. Buying a certificate from an established CA for these simple cases avoids the need to host your own CA today and avoids a migration tomorrow. By you live, you learn ...)

Your authority must be added to the list of trusted root authorities. You've updated AD and most clients have the update. Some XP clients do not. Time to troubleshoot the clients ...

Is automatic updating of trusted root certificates enabled?
http://technet.microsoft.com/en-us/library/cc786443%28WS.10%29.aspx

Please complete the following information:

REGISTER / LOG-IN TO DISCUSS

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Submit your e-mail address below to continue

E-mail: 

E-mail: 

Handle:   

Password: 

Forgot Password?

Create Handle: 

Your handle identifies you in ITKnowledgeExchange. Max 30 char.

Create Password: 

Confirm Password: 

Yes, I agree to the IT Knowledge Exchange  Terms and Conditions.

hidden modal window