Re: Newbie needs info on using SSL.

From: Miha Pihler (mihap-news_at_atlantis.si)
Date: 10/05/04


Date: Tue, 5 Oct 2004 16:51:27 +0200


<snip>

> Your last paragraph regarding the generation of our own CA seems to fall
> more in line with what we want to do. Could you elaborate further on how to
> do this?

You would need to set up a CA server on a Windows 2003 (my recommendation)
server. You could then issue certificates to your web appliances.

In your case, you will probably want to set up a standalone CA. On this server
you can define how long certificates on these appliances will last (e.g.
1, 2, 3 ... years). Only people who install your CA server's certificate
will trust certificates on your appliances...

Here are some additional resources.

Managing a Windows Server 2003 Public Key Infrastructure
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/mngpki.mspx

Best Practices for Implementing a Microsoft Windows Server 2003 Public Key
Infrastructure
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws3pkibp.mspx

PKI Enhancements in Windows XP Professional and Windows Server 2003
http://www.microsoft.com/technet/prodtechnol/winxppro/plan/pkienh.mspx

Windows Server 2003 PKI Operations Guide
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws03pkog.mspx

Advanced Certificate Enrollment and Management
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/advcert.mspx

Implementing and Administering Certificate Templates in Windows Server 2003
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws03crtm.mspx

Mike

<snip>
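The steps described in the reply above (set the validity period on a standalone CA, issue a certificate for an appliance, and distribute the CA certificate so clients trust it), as an added command-line example that is not part of the original post. The CA host name, CA name, file names and request ID are hypothetical placeholders, and the appliance is assumed to have produced its own PKCS #10 request file.

```bat
@echo off
rem Added example with hypothetical names: CASRV01, "Example Appliance CA",
rem appliance.csr, and request ID 2. Run on the standalone CA server unless noted.

set CACONFIG=CASRV01\Example Appliance CA

rem 1. Set the maximum lifetime of certificates this CA issues (here: 3 years).
rem    Issued certificates can never outlive the CA's own certificate.
certutil -setreg CA\ValidityPeriodUnits 3
certutil -setreg CA\ValidityPeriod "Years"

rem    Restart Certificate Services so the change takes effect, then read it back.
net stop certsvc
net start certsvc
certutil -getreg CA\ValidityPeriodUnits

rem 2. Submit the PKCS #10 request generated on the appliance.
rem    A standalone CA holds requests as pending by default; note the RequestId printed.
certreq -submit -config "%CACONFIG%" appliance.csr

rem 3. After checking that the pending request really came from your appliance,
rem    issue it (2 is a constructed RequestId) and fetch the signed certificate.
certutil -resubmit 2
certreq -retrieve -config "%CACONFIG%" 2 appliance.cer

rem 4. Confirm the subject and NotAfter date before loading it onto the appliance.
certutil -dump appliance.cer

rem 5. Export the CA's own certificate for distribution to clients.
certutil -ca.cert ca.cer

rem 6. ON EACH CLIENT: add the CA certificate to the Trusted Root store.
rem    Clients that skip this step get a certificate warning for the appliance.
certutil -addstore Root ca.cer
```

Hand ca.cer to clients over a channel you trust, since anyone who installs it will trust every certificate this CA issues.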


