I have a local network (a intranet of about 50 to 70 computers) where is a Windows Server 2008 with a ASP.NET MVC application. To encrypt the connection with HTTPS i need a server certificate (not self-signed, but for deployment).
How i can do this? I need a local CA? How i can do this?
The idea behind a CA is to share trust to multiple actors.
If you are to just communicate with two of your own computers, you can set up personal certificate (you can even self-sign them, could be preferable since many certificate-able application try to check signatures), then you add this certificate into the approved certificate list of the client.
Therefore, when this client tries to connect, he will be able to assess the trust of the server's certificate (basically, it will receive the certificate from the server and since you added that same certificate to the list of trusted sources, it will be accepted).
This scenario does not allow for a good scalability and should only be used for internal purposes.
For an internal network with more clients but still one server, you have the possibility to use the same technique and devise a way to deploy the certificate to all the computers (or do it for each and any of them if you want to).
The problem of this approach is that you can't add other server without generating a new certificate and deploy the new server's certificate to all clients. Then, managing your own CA becomes interesting.
To put it simply, a CA is having a root certificate (self-signed certificate) that will be used to sign other certificates. Using the chain of trust created by the certificates, you will only have to deploy the root certificate of the CA to all the machine in the network. Then they will automatically trust any certificate signed by your CA root certificate, so you can create as many server as you need, generate a certificate form them, sign it and you're set.
Note: on how to generate the certificates, please refer the documentation of certificate manager (openssl, ...) this site is not the place to explain how to use them.
