>Hello:
>
>I am wondering if anyone is up-to-date on security and using W2000 Advanced Server for web applications. My understanding when W2K Adv Server first came out was that a digital certificate was going to be built into the operating system and would not require purchase from an outside vendor such as Verisign.
>
>However, I now have other information which indicates that any site using the HTTPS security will need a digital certificate purchased from an outside vendor.
>
>Anybody got the lowdown?
>
>Thanx,
>
>Linda

You have always had the ability to use the certificates built into Windows... purchasing a certificate from an outside vendor (Verisign) allows seamless integration with your clients without them having to do anything.

Ie, when you get a digital certificate from Verisign, Verisign is guaranteeing that you are who you say you are, and the user's systems are configured to trust that Verisign knows what they are talking about. If you simply create a certificate in Windows (something that anyone can do), a potential user has no way of knowing if you really are who you say you are, and they must accept the certificate as valid.