Re: PKI design
From: David Cross [MS] (dcross@online.microsoft.com)
Date: 10/20/02
- Next message: David Cross [MS]: "Re: Certificate modification"
- Previous message: David Cross [MS]: "Re: Publishing AIA certificates to Local Machine store"
- In reply to: John McCoy: "PKI design"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "David Cross [MS]" <dcross@online.microsoft.com> Date: Sat, 19 Oct 2002 15:48:00 -0700
Well, this gets a little complex. You can set this up in a simple way by
creating an enterprise root CA and enrolling your users and servers for
appropriate certs. Your "external users" will have to trust this root
certificate when sending e-mail or visiting your secure web sites like OWA.
This is a manual process for individual users - this is the hardest issue to
cope with. Next, users will have to "exchange" their encryption certs with
external users so mail can be encrypted - this is also a manual process.
This whitepaper will help you understand how trust is built with root certs:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechn
ol/winxppro/support/tshtcrl.asp
-- David B. Cross [MS] -- This posting is provided "AS IS" with no warranties, and confers no rights. http://support.microsoft.com "John McCoy" <jmccoy@cmatech.com> wrote in message news:OqRithudCHA.1700@tkmsftngp10... > I have a quick question, if I create a root CA in my domain is this a good > choice for users to be able to retrive secure email via OWA? Or should I set > up the server up differently? > > I also want outside people to send and receive secure email from the users > inside. > > Thanks > > John > >
- Next message: David Cross [MS]: "Re: Certificate modification"
- Previous message: David Cross [MS]: "Re: Publishing AIA certificates to Local Machine store"
- In reply to: John McCoy: "PKI design"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
