Private Certificate Authorities
An organization can set up its own private certificate authority (CA) recognized only by it’s own networks. The CA signs certificates only for the organization. The private CA generates its own root certificates and distributes them to the machines belonging to the organization. However, for HostExplorer to use these root certificates for SSL/TLS communication, it must have access to them.
Private CAs can sign server certificates generated by system administrators. They can also sign user certificates generated by individuals within the organization.