Re: Stand-alone vs Enterprise subordinate CA?
- From: Brian Komar [MVP] <bkomar@xxxxxxxxxxxxxxxxx>
- Date: Fri, 9 Mar 2007 18:11:50 -0600
In article <#7vls#mYHHA.4232@xxxxxxxxxxxxxxxxxxxx>,
MarlonBrown@xxxxxxxxxxxxxxxxxxxxxxxxx says...
> I am setting up a 2 tier PK infrastructure, Win2003 Ent.
> Offline root CA is already configured. On my offline root CA server. On AIA
> I informed a \\publicserver\shared\myucert.crt - OK. I put the cert out of
> the OffLineRootServer because I understand such server should remain shut
> down for the most part.

I would personally never post a CA certificate to a UNC name (even
though supported). Consider changing to LDAP and HTTP locations. The
Best Practices whitepaper provides guidance on this
(www.microsoft.com/pki).

> Next step on the Windows 2003 PKI checklist is:
> "Install subordinate certification authorities, as required by your planned
> certification hierarchy. These can be stand-alone certification authorities,
> or if you are using Active Directory, enterprise certification
> authorities...".

You would want an enterprise CA. To take full advantage of the CA
offering, ensure that you install on Windows Server 2003, Enterprise
Edition, not standard edition.

> Since my "OnlineCAserver" is joined to AD, should I pick the "stand-alone
> subordinate" or "enterprise subordinate certification authority"?
> Sorry if that is a stupid question.

Brian
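
Added example, not part of the original post or of any Microsoft tooling: a small audit of AIA publication entries in the `<flags>:<url>` form used by the CA's `CACertPublicationURLs` registry value, reporting every location that is written into issued certificates but is not an HTTP or LDAP URL. The sample entries and the host name `pki.example.com` are constructed; the UNC path is the one from the question.

```python
# Added example: audit AIA publication entries ("<flags>:<url>" strings).
ADD_TO_CERT_AIA = 0x2                 # entry is embedded in the AIA extension of issued certs
PREFERRED_SCHEMES = {"http", "ldap"}  # the location types recommended in the reply


def parse_entry(entry):
    """Split '<flags>:<url>' into (int flags, url)."""
    flags, sep, url = entry.partition(":")
    if not sep or not flags.strip().isdigit():
        raise ValueError(f"not a '<flags>:<url>' entry: {entry!r}")
    return int(flags), url.strip()


def classify(url):
    """Return 'unc', 'local', or the lower-cased URL scheme."""
    if url.startswith("\\\\"):
        return "unc"
    scheme, sep, _ = url.partition("://")
    return scheme.lower() if sep and scheme.isalpha() else "local"


def audit(entries):
    """Return (url, kind) for entries embedded in issued certs that are not HTTP/LDAP."""
    findings = []
    for entry in entries:
        flags, url = parse_entry(entry)
        kind = classify(url)
        if flags & ADD_TO_CERT_AIA and kind not in PREFERRED_SCHEMES:
            findings.append((url, kind))
    return findings


# Constructed sample input (assumption: values as exported from the CA's configuration).
SAMPLE = [
    r"1:%windir%\system32\CertSrv\CertEnroll\%1_%3%4.crt",  # published locally, not in certs
    r"2:\\publicserver\shared\myucert.crt",
    r"2:file://\\publicserver\shared\myucert.crt",
    r"2:http://pki.example.com/CertData/%1_%3%4.crt",
    r"3:ldap:///CN=%7,CN=AIA,CN=Public Key Services,CN=Services,%6%11",
]

if __name__ == "__main__":
    for url, kind in audit(SAMPLE):
        print(f"[{kind}] embedded in issued certificates: {url}")
```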