Certificate Authentication

I am currently working on deploying a website for staff to use remotely and would like to make sure it is secure.

I was thinking would it be possible to set up some kind of certificate authentication where I would generate a certificate and install it on their laptop so they could access the website?

I don't really want them to generate the certificates themselves though as that could easily go wrong.

How easy / possible is this and how do I go about doing it?

What you are looking to do is called two way ssl authentication

How to implement it is going to vary based on your web server.

Apache Guide

Check out CAcert, "A community driven certificate authority that issues certificates to the public at large for free."

tinyca2 is a nice graphical front-end to generate certificates. It is packaged for both Debian and Ubuntu Linux distributions. You will be able to generate the keys and certificates for the server and clients. They can be exported in a number of formats. I would recommend documentating proceedures for installing your ca-certificate as well as the client key and certificate. Setting or changing the password on the client key by your users should also be covered.

I second using mod-rewrite to force access to https://.

This Article deals with creating certificates for Microsoft Exchange, but the process is similar for any IIS Website. Hope that helps!