Re: CA Stand Alone Root vs Enterprise Root

From: D. Cross [MS] (vaq130@hotmail.com)
Date: 06/06/02


From: "D. Cross [MS]" <vaq130@hotmail.com>
Date: Thu, 6 Jun 2002 06:50:15 -0700


It could be either one.

for greater security - it should be offline on a member server not joined to
a domain, etc

for greater flexibility and ease of administration, it could be online and
joined to the domain

traditional tradeoff here

--
David B. Cross [MS]
--
This posting is provided "AS IS" with no warranties, and confers no rights.
"Frank Durham" <fdurham@nospam.sportsendeavors.com> wrote in message
news:#1MjaC9CCHA.2004@tkmsftngp02...
> David-
>
> Thanks for the quick response.  My next and final question is; for the
Stand
> alone, should it be configured for AD or just a member server?
>
> Frank
> "D. Cross [MS]" <vaq130@hotmail.com> wrote in message
> news:OsAjcv8CCHA.1272@tkmsftngp04...
> > An enterprise CA must stay online.  If you want a tiered hierarchy, you
> > should install an offline standalone root CA and then an online
> subordinate
> > enterprise CA.
> >
> > --
> >
> > David B. Cross [MS]
> >
> > --
> > This posting is provided "AS IS" with no warranties, and confers no
> rights.
> >
> > "Frank Durham" <fdurham@nospam.sportsendeavors.com> wrote in message
> > news:eZwlGp8CCHA.2672@tkmsftngp05...
> > > Greetings-
> > >
> > > I know the major difference between an Enterprise Root CA and a
> > Stand-Alone
> > > Root CA is the Enterprise requires Active Directory.  Well I have done
> > some
> > > research on Tech net and there is an article, Q271386.  I am trying to
> > > vreate an Enterprise Root CA and then install a subordinate CA, then
> take
> > > the Enterprise offline.  This article seems to say that this will not
> work
> > > in an Enterprise CA environment.
> > >
> > > Anyone had any experience setting up a Root/subordiate CA, within
Active
> > > Directory?  If so any help would be appreciated.
> > >
> > > Frank
> > >
> > >
> >
> >
>
>


Relevant Pages

  • Re: Difference between Certificate Authorities
    ... If your CA crashes, your main concern should be recover that CA, for that to happen you need a good backup plan strategy. ... If my Enterprise Root is crashed then certificate issue by Enterprise root CA will be served by Enterprise Sub Ordinate CA. ... Enterprise CAs Vs Standalone CAs - (the first one is in a domain and published in your AD, the second one may be in a domain or not but is not ...
    (microsoft.public.windows.server.active_directory)
  • Re: Difference between Certificate Authorities
    ... If my Enterprise Root is crashed then certificate issue by Enterprise root ... Root CAs Vs Subordinate Vs Issuing CAs. ...
    (microsoft.public.windows.server.active_directory)
  • Problem Generating offline addressbook
    ... Desciption: Returned error AD 8004010E ... While generating the offline address list for the Global address list ... Exchange 2000 Server Enterprise EN SP3 to run my Mailserver. ...
    (microsoft.public.exchange.misc)
  • Re: Certificate Authority type
    ... documented infrastructure and precedures around that - one cannot trust PKI ... I installed> a enterprise root and enterprise subordinate in my lab and it does not show> the enterprise subordinate in S&S. ...
    (microsoft.public.security)
  • Offline Address Book Error: 0x8004010F - E2K3 SP1
    ... Windows Server 2003 Enterprise ... When I logon with as a standard user who is a member of the 'Domain Users' ... Offline Address Book' sent as the 'Offline Address List' set as the list to ...
    (microsoft.public.exchange.admin)