1 of 1 people found this helpful
you can for sure. You'd need to get a subordinate CA from Thawte, Verisign and alike. This involves much money and lawyers as you will automatically become a subsite of the Root CA. What I'd suggest instead would be to simply use the welcome page functionlaity to inform guest users (identified by IP?) to download and install the CA cert from a network share or via HTTP from MWG and install it manually.
If you do decide to go the route of pushing out your own self-signed Root CA there is a very good third party site detailing how to do this with group policy here:
I just happened to be buying a SSL cert for another purpose when I can across this.
You can buy a publically signed Subordinate cert, but the requirements are steep.
GeoRoot Eligibility Requirements
To purchase GeoRoot you must meet the following minimum requirements:
- Net worth of $5M or more
- A minimum of $5M in Errors and Omissions insurance
- Articles of Incorporation (or similar) and an incumbency certificate provided
- A written and maintained Certificate Practice Statement (CPS)
- A FIPS 140-2 Level 2 compliant device (GeoTrust has partnered with SafeNet, Inc.) for key generating and storing your root certificate keys
- An approved CA product from Baltimore/Betrusted, Entrust, Microsoft, Netscape or RSA