SSL: reason of CAs in private Lan?

 
 
Hernán Castelo

 
      11-12-2004, 04:51 PM
hi
i don't understand well :
why i need to request to a CA for a certificate
if i just try to secure communications
in my private Lan ... between 2 servers
why i need to involve a third entity ?
are not my servers CAs
for my Lan by themselves ?
thanks
i will appreciate
your comments



--
atte,
Hernán Castelo
SGA - UTN - FRBA


 
 
 
 
 
Steven L Umbach

 
      11-14-2004, 02:10 AM
You can use a third party certificate or you can use certificates from your
own Certificate Authority. It is all a matter of trust. If computers outside
of your network need to be able to use ssl on your IIS server then you want
to use third party certificates or they will be told that the certificate
from the server is not trusted unless your CA certificate [public key] is in
their trusted root store. Either way you must install a certificate that
also contains a private key on any server that will be offering ssl. When a
client computer tries to establish an ssl session with an IIS server, the
client computer will use the IIS server's certificate [public key] to
encrypt a challenge to the IIS server. The IIS server then must use the
matching private key or the certificate to decrypt the challenge from the
client in order to continue with the authentication process. The term
certificate is confusing in that what is really needed is the PKI "key pair"
for the certificate which consists of the public key and the private key.
Often the term "certificate" refers to only the public key. The link below
may be helpful. --- Steve

http://www.newsforge.com/article.pl?sid=04/07/29/155212
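The trust decision described in the answer above, as an added example that is not part of the original posts. It uses the OpenSSL command line instead of IIS and a Windows CA, and every name in it (the CA subjects, `server1.lan.example`, the challenge string) is constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): a private CA for two LAN servers.
# All names and the challenge string are constructed for illustration.
set -eu
WORK=$(mktemp -d)

new_root() {   # $1 = file prefix, $2 = subject; creates a self-signed root certificate
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

issue_server_cert() {   # server creates the key pair; the CA signs only the public half
  openssl req -newkey rsa:2048 -nodes -subj "/CN=server1.lan.example" \
    -keyout "$WORK/srv.key" -out "$WORK/srv.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/srv.csr" -CA "$WORK/lanca.crt" -CAkey "$WORK/lanca.key" \
    -CAcreateserial -days 30 -out "$WORK/srv.crt" 2>/dev/null
}

trusts_server() {   # $1 = root present in the client's trust store; chain check only
  openssl verify -CAfile "$WORK/$1.crt" "$WORK/srv.crt" 2>/dev/null | grep -q ': OK$'
}

key_matches_cert() {   # the "key pair": private key must match the certificate's public key
  [ "$(openssl x509 -in "$WORK/srv.crt" -noout -pubkey)" = \
    "$(openssl pkey -in "$WORK/srv.key" -pubout)" ]
}

challenge_roundtrip() {   # client encrypts to the certificate; only the key holder decrypts
  printf 'constructed-challenge' > "$WORK/chal.txt"
  openssl pkeyutl -encrypt -certin -inkey "$WORK/srv.crt" \
    -in "$WORK/chal.txt" -out "$WORK/chal.enc"
  openssl pkeyutl -decrypt -inkey "$WORK/srv.key" -in "$WORK/chal.enc"
}

new_root lanca "/CN=Example LAN Root CA"   # your own CA
new_root other "/CN=Unrelated Root CA"     # stands in for a trust store without your CA
issue_server_cert

trusts_server lanca && echo "client with LAN root installed: certificate trusted"
trusts_server other || echo "client without LAN root: certificate NOT trusted"
key_matches_cert    && echo "srv.key is the private half of srv.crt"
echo "server decrypted: $(challenge_roundtrip)"
```

The check here covers the certificate chain only; a real TLS client additionally compares the host name it connected to against the names in the certificate.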
 
Hernán Castelo

 
      11-19-2004, 10:17 PM
thanks for reply

--
atte,
Hernán Castelo
SGA - UTN - FRBA