First of all, I'm not sure if this is even remotely the right forum to ask in, but it seemed the most relevant. If anyone has a better idea of where to ask about this sort of thing, then please do direct me.I'm new to the certificates concept, and have been creating a self-certified certificate authority certificate with which I have issued a number of other certificates to be used by both server and client software. The problem is that I need to send the certificate authority certificate to the clients in order for them to trust the server. However, as far as I can tell, doing so will allow the clients to issue there own certificate from the CA, causing a security breach. How can I safely allow the clients to have the certificate authority certificate, purely to specify that it should be trusted, without allowing this to issue further certificates from it? Thanks. :)

Hi, To publish the root certificate, please refer to the following website. It includes various ways to achieve this. Deploying a Trusted Root Certification Authority to Configuration Manager Computers http://technet.microsoft.com/en-us/library/bb693643.aspx To prevent users from enrolling further certificate, you can configure security tab on the certificate template (If you are using Microsoft Enterprise root certificate authority): Allow subjects to request a certificate that is based on the template http://technet.microsoft.com/en-us/library/cc784485.aspx Hope the information is helpful.