Certificate Server Hierchy Question
From: Rob (rob_at_nospam.com)
Date: 03/11/04
- Next message: Alex Anderson: "Adding Computers to the Domain"
- Previous message: Opti_mystic_69: "Move Enterprise Root CA to new hardware"
- Next in thread: David Cross [MS]: "Re: Certificate Server Hierchy Question"
- Reply: David Cross [MS]: "Re: Certificate Server Hierchy Question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 11 Mar 2004 16:29:17 -0500
I am trying to set up a website that will require client certificates and I
have read through much of what Microsoft has written about Windows 2000
Server Certificate Server but I am a little bit unsure on the hierchy of the
servers. Any help anyone can provide would be greatly appreciated.
>From what I gather, the best setup would be to have a Standalone Root CA
that is not connected to the network and a Subordinate Root CA that is
networked. I am not really clear on why this is. What is on the Root that
you can't get from the Subordinate? Assuming that this is the
configuration, can the Subordinate Root be on the same server as the web
server? I know it's possible to do this but is it a big security risk?
Does IIS log certificate use so I can know who/when was accessing the site?
Also, once I have this hierchy ironed out, what is the best/most secure way
to issue certificates to clients online?
Thanks in advance.
Rob
- Next message: Alex Anderson: "Adding Computers to the Domain"
- Previous message: Opti_mystic_69: "Move Enterprise Root CA to new hardware"
- Next in thread: David Cross [MS]: "Re: Certificate Server Hierchy Question"
- Reply: David Cross [MS]: "Re: Certificate Server Hierchy Question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
