Could anyone tell me about advantages and disadvantages of PKI with openSSL and Windows Certificate authorities ?
OpenSSL-based systems have no problems using Microsoft PKI certificates. They’re just certificates, same as you’d get from the pay vendors.
Where the issues creep in is the Certificate Signing Requests. MS-PKI requires extended attributes on the CSRs to correlate with Certificate Templates it track internal to the system. Creating a correct CSR using OpenSSL tools can take some work to get right.
However, if you have the ability to just create certificates and CSRs aren’t required, doing that and exporting the certificate will make things go a lot easier.
Source : Link , Question Author : user176420 , Answer Author : sysadmin1138