Thanks! A few questions:

1) Thus far, I have imported self-signed certs into the browsers on the endpoints and marked them as trusted. That has so far prevented clients from receiving untrusted-certificate errors.

2) I do not use Microsoft CA; all the computers in our business are Macs and we don't use any Microsoft services. I understand that running an internal PKI is fraught with security risks and should be avoided unless there's an experienced team to manage it. Should I reconsider this?

3) If I continue using self-signed certs, then I'm back to my original question: should I use a bunch of root-cert/end-cert chains, one for each service on the firewall (meaning I may have 4 or 5 chains, with 4 or 5 individual root certs, for the various firewall services), or should I use one root cert and have a bunch of end certs signed by that one single root cert for all firewall services? I.e., can all firewall services share the same self-signed root cert and each just have its own end cert signed by that root CA? Or do I need a separate root CA for every end cert I need? Thanks!