Re: PKI (CA Hierarchy) and Hyper-V pros and cons
- From: "Brian Komar \(MVP\)" <brian.komar.nospam@xxxxxxxxxxxxxxxxx>
- Date: Wed, 2 Apr 2008 19:09:00 -0500
That does not protect the private keys.
Any body who is local Admin can:
1) Export the CA's private key and certificate
2) Import it into *any* computer they want
3) Issue a certificate that your org trusts and cannot revoke from the CA console
What type of business are you in. Are you sure that you are making the right decision.
But, to summarize, BitLocker does not replace a HSM
Brian
"hypnotix911" <hypnotix911@xxxxxxxxx> wrote in message news:O7XW9MAlIHA.5820@xxxxxxxxxxxxxxxxxxxxxxx
Thank you both,
but what about using bitlocker on VM files?
(we don't have a budget for HSM)
"hypnotix911" <hypnotix911@xxxxxxxxx> wrote in message news:OC9JVIqkIHA.4076@xxxxxxxxxxxxxxxxxxxxxxxEnterprise three-tier CA hierarchy on virtual machines?
Or any part of hierarchy (offline or online CAs )? Is it bad idea?
Any thoughts?
Tnx a lot.
.
- References:
- Re: PKI (CA Hierarchy) and Hyper-V pros and cons
- From: hypnotix911
- Re: PKI (CA Hierarchy) and Hyper-V pros and cons
- Prev by Date: Re: Group Policy Management Console, GPMC for Vista with SP1
- Next by Date: Re: Windows Server 2008 CA
- Previous by thread: Re: PKI (CA Hierarchy) and Hyper-V pros and cons
- Next by thread: Re: clm users certificates expiration
- Index(es):
Relevant Pages
|
