Re: Enterprise Root CA Install
From: Arlis Brown (ambrown@eyenm.com)
Date: 04/04/03
- Next message: Serge Ayotte: "Re: Understanding security template INF structures"
- Previous message: Zafar: "Re: KRB_AP_ERR_MODIFIED"
- In reply to: D. Cross [MS]: "Re: Enterprise Root CA Install"
- Next in thread: David Cross [MS]: "Re: Enterprise Root CA Install"
- Reply: David Cross [MS]: "Re: Enterprise Root CA Install"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Arlis Brown" <ambrown@eyenm.com> Date: Fri, 4 Apr 2003 08:34:18 -0800
All,
Since input on the subject has been limited, I found an
article on the TechNet CDs entitled "Windows 2000
Certificate Services and Public Key Infrastructure".
Within, a comparison was provided between Microsoft's base
CSP and the enhanced CSP. Furthermore, other .Net
articles on PKI recommend using the enhanced CSP for
stronger encryption. Can anybody provide any information
on Microsoft's "Strong" CSP?
Also, I wanted to know if a Enterprise Root CA has to
have a static IP Address. I've covered articles on CA
disaster recovery and many elude to allocating a static IP
Address.
Any input on the subject will be appreciated. Thanks!
Arlis
>-----Original Message-----
>1. No - it is recommended to use a member server.
>
>2. Mainly key size. The Base provider is just fine for
most purposes.
>
>
>
>--
>
>David B. Cross [MS]
>
>--
>This posting is provided "AS IS" with no warranties, and
confers no rights.
>
>"Arlis Brown" <ambrown@eyenm.com> wrote in message
>news:074901c2f977$2344c890$3301280a@phx.gbl...
>> I'm planning on installing a W2K Adv Server Enterprise
>> Root CA and have a couple of questions:
>>
>> 1) Does the Server have to be a domain controller? Or,
>> is it sufficient that it have access to a DC? As soon
as
>> I verify the installation and setup a subordinate
>> Enterprise CA, the root server will be taken off line
and
>> placed in storage. Therefore, I had reservations about
>> promoting it to a DC.
>>
>> 2) High Encryption Pack - Currently installed on my
>> target server. I noted additional CSP's are now
available
>> and wanted advise on selecting something other
>> than "Microsoft Base Cryptographic Provider v1.0".
Other
>> options are "Microsoft Enhanced Cryptographic Provider
>> v1.0" and "Microsoft Strong Cryptographic Provider".
What
>> are the pros and cons regarding deviating from the
>> default "Microsoft Base Cryptographic Provider v1.0"?
>>
>> I'll appreciate any feedback on this issue! Thanks!
>>
>> Arlis Brown, Network Manager
>> Eye Associates of NM, Ltd.
>>
>
>
>.
>
- Next message: Serge Ayotte: "Re: Understanding security template INF structures"
- Previous message: Zafar: "Re: KRB_AP_ERR_MODIFIED"
- In reply to: D. Cross [MS]: "Re: Enterprise Root CA Install"
- Next in thread: David Cross [MS]: "Re: Enterprise Root CA Install"
- Reply: David Cross [MS]: "Re: Enterprise Root CA Install"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
