Re: Certificate Services

From: Dan (Dan_at_discussions.microsoft.com)
Date: 05/18/05

• Next message: Dan: "RE: Certificate Services"
• Previous message: Dan: "RE: Certificate Services"
• In reply to: Steven L Umbach: "Re: Certificate Services"
• Next in thread: Dan: "RE: Certificate Services"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Wed, 18 May 2005 12:11:02 -0700

Thanks! Appreciate the advice.

"Steven L Umbach" wrote:

> To keep the integrity of your PKI you want to make sure that the Certificate
> Authority is well secured meaning physically and that administrator access
> to the server is closely controlled. Otherwise you run the risk of
> unauthorized certificates being issued or even unauthorized subordinate
> Certificate Authorities being installed. You can control which
> users/computers can obtain certificates by configuring security permissions
> on the certificate templates. You should also be aware that if you have the
> choice installing your CA on Windows 2003 Enterprise Server in a domain then
> you will be able to use version 2 templates and take advantage of
> autoenrollment for users and computers which can greatly help in managing
> certificates and renewals. The links below may help. --- Steve
>
> http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws3pkibp.mspx
> http://www.microsoft.com/windowsserver2003/technologies/pki/default.mspx
>
> "Dan" <Dan@discussions.microsoft.com> wrote in message
> news:4A21E8A3-D7EB-42C8-BB9A-8676E820D61A@microsoft.com...
> > Hi all,
> >
> > I plan to implement WPA using a RADIUS server. To do this I must install
> > certificate services on a server. Is there an "outside" security risk by
> > doing this? If so what are the best steps of precaution when installing
> > certificate services on Windows Server 2003?
> > --
> > Thanks,
> >
> > Dan
>
>
>

---

• Next message: Dan: "RE: Certificate Services"
• Previous message: Dan: "RE: Certificate Services"
• In reply to: Steven L Umbach: "Re: Certificate Services"
• Next in thread: Dan: "RE: Certificate Services"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Certificate Services help ... server with a different name. ... DCs need certificates to talk to each other? ... aren't using certs, you should revoke all certificates and then uninstall ... Certificate Services without installing it on a different server. ... (microsoft.public.windows.server.general) Re: Active Sync Issues with Windows Mobile Devices ... I can access my server without any issues whatsoever. ... Installing Certificates on Windows Mobile 5 and Windows Mobile 6 ... (microsoft.public.windows.server.sbs) Re: SSL and certificates ... Only a server certificate is required. ... The client should have the root ... sites with certificates issued by Verisign, Entrust, etc.) this is already ... > certificate and then installing each on all of the ... (microsoft.public.inetserver.iis.security) Re: Certificate Services ... To keep the integrity of your PKI you want to make sure that the Certificate ... Authority is well secured meaning physically and that administrator access ... to the server is closely controlled. ... If so what are the best steps of precaution when installing ... (microsoft.public.security) RE: Cant connect in to server! ... Cant access remote web workplace from outside server, ... Installing RRAS returned OK ... > address 3389 on the command line and paste the results to the newsgroup. ... > Microsoft CSS Online Newsgroup Support ... (microsoft.public.windows.server.sbs)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(10)