Re: can a microsoft enteprise Root CA be offline?
From: Brian Komar (bkomar_at_nospam.identit.ca)
Date: 10/26/04
- Next message: Smelly: "Just installed a certificate authoity..."
- Previous message: Steven L Umbach: "Re: Where should I install a certificate?"
- In reply to: izael: "can a microsoft enteprise Root CA be offline?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 26 Oct 2004 14:39:42 -0500
In article <d51193cc.0410260952.50d69cc9@posting.google.com>,
izael.ochoa@reforma.com says...
> Hi everyone, sorry my english
>
> Does anyone know if a microsoft enterprise root certification
> authority can be offline?
>
> I have notice that if the CA server is offline, the EAP-TLS clients
> cannot be authenticated by the IAS server.
>
> Isn=3Ft it suppose that the the certificates are valid by them selfs?
> why does the CA needs to be available in order to the certificates be
> authenticated?, is there any redundancy squeme that could be used?, if
> the Ca server fails, nobody would be able to acces the network
>
> thaks in advance
>
No. To be an offline CA, the root CA must be installed as a Standalone
Root CA. Please see the best practices whitepaper:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/maintain/
operate/ws3pkibp.asp
Brian
- Next message: Smelly: "Just installed a certificate authoity..."
- Previous message: Steven L Umbach: "Re: Where should I install a certificate?"
- In reply to: izael: "can a microsoft enteprise Root CA be offline?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
