  • I have 3 machines in a domain, and I chose Machine1 to host an ASP.NET Web API application.

  • I have created my own CA, RootCA, and put it in Machine1's trusted root store.

  • Then I issued one more certificate, X, with Machine1's fully qualified domain name from RootCA.

  • I put certificate X in Machine1's Personal root.

  • I bound my ASP.NET Web API app to certificate X.

  • If I browse to my ASP.NET Web API, it runs fine with NO certificate error.

  • Now when I try to browse my ASP.NET Web API from Machine2 & Machine3, I get a certificate error. If I copy the RootCA certificate to both Machine2's & Machine3's trusted store, then there is NO certificate error.

Is it required to copy the RootCA certificate to both Machine2's & Machine3's trusted store, or can I eliminate this step? Perhaps I don't want to install any certificate on Machine2 & Machine3. Is this possible? Thanks!

Gerald Schneider
user584018

1 Answer

3

If you run your own PKI, then you have to deploy the root CA certificate to all machines/applications that will use and/or validate certificates from your private root CA.

As an alternative, you may use 3rd-party commercial CAs to get certificates, which are trusted out of the box. Some 3rd-party commercial CAs issue certificates for free and provide tools to automate certificate enrollment and renewal.

Crypt32
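An added example (not from the question or the answer above) of what the answer describes, run elevated on a client such as Machine2: it checks whether the web API's certificate chain already validates on that machine and, only if it does not, imports the exported RootCA public certificate into the LocalMachine Trusted Root store. The host name, file path and expected thumbprint are placeholders to fill in for your own setup.

```powershell
# Assumptions (replace with your own values): Machine1's FQDN, the exported RootCA
# public certificate (.cer, no private key), and its thumbprint obtained out of band.
$ApiHost            = 'machine1.corp.example'
$RootCaFile         = 'C:\pki\RootCA.cer'
$ExpectedThumbprint = '<THUMBPRINT-OF-ROOTCA>'

function Test-ServerChain {
    param([string]$HostName, [int]$Port = 443)
    $client = [System.Net.Sockets.TcpClient]::new($HostName, $Port)
    try {
        # Accept any certificate in the handshake so the chain can be inspected here
        # instead of the connection failing; trust is decided by X509Chain.Build below.
        $accept = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = [System.Net.Security.SslStream]::new($client.GetStream(), $false, $accept)
        $ssl.AuthenticateAsClient($HostName)
        $leaf  = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
        $chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
        # A private CA like the one in the question publishes no CRL/OCSP, so skip revocation.
        $chain.ChainPolicy.RevocationMode = 'NoCheck'
        $ok = $chain.Build($leaf)
        [pscustomobject]@{
            Trusted = $ok
            Status  = ($chain.ChainStatus | ForEach-Object Status) -join ','
            Root    = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate.Subject
        }
    } finally { $client.Close() }
}

$result = Test-ServerChain -HostName $ApiHost
if ($result.Trusted) {
    "Chain to '$($result.Root)' is already trusted; nothing to import."
} else {
    "Chain not trusted ($($result.Status)); importing RootCA into LocalMachine\Root."
    # Refuse to trust a file whose thumbprint does not match the value verified out of band.
    $cer = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($RootCaFile)
    if ($cer.Thumbprint -ne $ExpectedThumbprint) {
        throw "Thumbprint of $RootCaFile is $($cer.Thumbprint), expected $ExpectedThumbprint; not importing."
    }
    $root = Import-Certificate -FilePath $RootCaFile -CertStoreLocation Cert:\LocalMachine\Root
    "Imported '$($root.Subject)' (thumbprint $($root.Thumbprint))."
}
```

In a domain, the same distribution is normally done once with Group Policy (Computer Configuration > Policies > Windows Settings > Security Settings > Public Key Policies > Trusted Root Certification Authorities) rather than per machine.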