Re: CA Stand Alone Root vs Enterprise Root

From: D. Cross [MS] (vaq130@hotmail.com)
Date: 06/06/02


From: "D. Cross [MS]" <vaq130@hotmail.com>
Date: Thu, 6 Jun 2002 06:50:15 -0700


It could be either one.

for greater security - it should be offline on a member server not joined to
a domain, etc

for greater flexibility and ease of administration, it could be online and
joined to the domain

traditional tradeoff here

--
David B. Cross [MS]
--
This posting is provided "AS IS" with no warranties, and confers no rights.
"Frank Durham" <fdurham@nospam.sportsendeavors.com> wrote in message
news:#1MjaC9CCHA.2004@tkmsftngp02...
> David-
>
> Thanks for the quick response.  My next and final question is; for the
Stand
> alone, should it be configured for AD or just a member server?
>
> Frank
> "D. Cross [MS]" <vaq130@hotmail.com> wrote in message
> news:OsAjcv8CCHA.1272@tkmsftngp04...
> > An enterprise CA must stay online.  If you want a tiered hierarchy, you
> > should install an offline standalone root CA and then an online
> subordinate
> > enterprise CA.
> >
> > --
> >
> > David B. Cross [MS]
> >
> > --
> > This posting is provided "AS IS" with no warranties, and confers no
> rights.
> >
> > "Frank Durham" <fdurham@nospam.sportsendeavors.com> wrote in message
> > news:eZwlGp8CCHA.2672@tkmsftngp05...
> > > Greetings-
> > >
> > > I know the major difference between an Enterprise Root CA and a
> > Stand-Alone
> > > Root CA is the Enterprise requires Active Directory.  Well I have done
> > some
> > > research on Tech net and there is an article, Q271386.  I am trying to
> > > vreate an Enterprise Root CA and then install a subordinate CA, then
> take
> > > the Enterprise offline.  This article seems to say that this will not
> work
> > > in an Enterprise CA environment.
> > >
> > > Anyone had any experience setting up a Root/subordiate CA, within
Active
> > > Directory?  If so any help would be appreciated.
> > >
> > > Frank
> > >
> > >
> >
> >
>
>