Re: Windows 2000 Certificate Services - Help Request (Understanding and operation).

From: Lisa_at_work (anonymous_at_discussions.microsoft.com)
Date: 08/27/04


Date: Fri, 27 Aug 2004 07:48:30 -0700

Paul,

Do you have the link to the Microsoft PKI course?

Lisa

>-----Original Message-----
>In article <p18ui018mp9ru706ehdraloage8ku28hj4@4ax.com>, in the
>microsoft.public.win2000.security news group, Go:gul
><b_ma_k@hotmail.com> says...
>
>> Question 1:
>>
>> As I understand it, I am supposed to do all my requests on the
>> subordinate server and leave the CA root alone. However, if I do this
>> then the CA Root server only ever shows (in the past 48 hours at
>> least), the certificates which were issued directly from itself. It
>> does not show the certificates issued or revoked or failed which were
>> produced as a result of requests from the subordinate server.
>>
>> Should activity on the CA subordinate server not be reflected in the
>> CA Root server (as it is the ultimate controller of this system)?
>
>Nope. Each CA will only ever display the certificates that it has
>issued. You're lacking a basic understanding of how PKI works here. The
>root CA provides the top level of trust in your PKI, it doesn't control
>the other CAs.
>
>>
>> Question 2:
>>
>> I have exported a certificate and imported it into Outlook 2002. It
>> (Outlook) is capable of sending signed messages and recognising signed
>> messages sent from a different account as signed.
>>
>> It fails completely with any attempt to encrypt a message and send it
>> to a user account which has already sent a signed message. I get a
>> warning that there is a problem with the other person's certificate and
>> that it is not trusted.
>
>Based on which template? Are you sure that you've got a certificate that
>is good for both signing and encryption?
>
>>
>> Question 3:
>>
>> There are a lot of options for what type of encryption I want when I
>> request a certificate. Can someone tell me what the best all round
>> secure setting is when requesting a certificate through the "request
>> form"?
>
>This is a big topic, and you really need to start with the basics. PKI,
>given its importance and nature, is not something you can get "almost"
>right and expect it to work, or to be secure. I'd suggest taking a
>course in PKI (Microsoft has a great one), or at the very least reading
>the help files, and the white papers, etc, on the Microsoft web site.
>
>
>--
>Paul Adare
>This posting is provided "AS IS" with no warranties, and confers no
>rights.
>.
>


