Re: What is the importance of deploying digital certificates on application servers in the domain ?

From: Steven L Umbach (n9rou_at_n0-spam-for-me-comcast.net)
Date: 10/29/04

• Next message: Steven L Umbach: "Re: Failure Audit"
• Previous message: Steven L Umbach: "Re: Internet Explorer Access Denied Error"
• In reply to: Marlon Brown: "What is the importance of deploying digital certificates on application servers in the domain ?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Fri, 29 Oct 2004 21:20:20 GMT

Ask him for exactly what purpose, as there are many certificates for
different uses. If he wants to use ipsec to encrypt traffic and use a
require ipsec policy on the application servers to restrict access, by
default kerberos will be used for computer authentication in a domain and
works very well. Otherwise certificates can be used for ipsec. It is not
that difficult to install a Certificate Authority, however users will have
to manually request certificates [in W2K] though computer certificates can
be issued by automatic request via Group Policy. The link below is for the
basics of setting up a CA. --- Steve

http://www.microsoft.com/WINDOWS2000/techinfo/planning/security/casetupsteps.asp

"Marlon Brown" <marlon_brown@hotmail.com> wrote in message
news:OyX4AbevEHA.2196@TK2MSFTNGP14.phx.gbl...
> Win2000SP4 AD domain.
>
> Application server admin requests that I install digital certificates in
> the
> domain to make all Application servers more protected when being accessed
> from the internal network.
>
> I would like to double check and see implications and level of importance
> of
> doing that ? Please advise if that is troublesome to implement.
>
>

---

• Next message: Steven L Umbach: "Re: Failure Audit"
• Previous message: Steven L Umbach: "Re: Internet Explorer Access Denied Error"
• In reply to: Marlon Brown: "What is the importance of deploying digital certificates on application servers in the domain ?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: The art of negotiation and trust in IPSEC ... They would need to be ipsec certificates or possibly machine certificates as ... IPSEC to confirm the validity of the Cert on the remote endpoint? ... > (or preshared key)) to authenticate/validate the enpoints of the IPSEC ... (microsoft.public.win2000.security) Re: IPSEC wireless router ? ... > The main advantage of IPSec is the Sec part, ... digital certificates issued by these organizations called certification ... SSL implementation at the time was one-way authentication between the ... supporting digital signature authentication ... ... (alt.internet.wireless) Re: IPSEC with non-domain Server ... Certificates are not the "most secure", rather, they are one of the 2 "more ... > authenticate computers and protect traffic integrity and confidentiality ... > Attacks on IPSec and Other Security Concerns ... (microsoft.public.security) Re: Shared Certificate Store in Active Directory ... There is no need to store IPSEC certs in the AD for IPSEC, ... > Active Directory so you can make Certificates and their ... > Certificates rather than Kerberos? ... (microsoft.public.win2000.security) Re: freeswan: no reply packets / nat ... > local access to a client or server. ... Ipsec uses certificates. ... (comp.os.linux.security)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(17)