Well... trusting a CA means you trust it for any website you access from the workstation. Adding exceptions means you trust it only for those specific sites. I would not recommend adding an untrustworthy in-house CA, because from a workstation people may access external websites too. Like banks, for example. If the CA is create just to authenticate intranet sites, it does not mean that everyone should trust it for more than that.
On Mon, Jun 17, 2013 at 1:28 PM, Salz, Rich <rs...@akamai.com> wrote: > **Ø **By the way, I would NOT recommend add a in-house probably > unprotected CA as a trusted one. The exception is much better to deal with > such cases. **** > > ** ** > > If it’s a work machine, then absolutely trust the in-house CA, no matter > how it is managed and protected.**** > > ** ** > > /r$**** > > -- **** > > Principal Security Engineer**** > > Akamai Technology**** > > Cambridge, MA**** > > ** ** > -- -- Cristian Thiago Moecke
