Should I install Certificate Authority to solve these problems ?

From: Marlon Brown (marlon_brownj_at_hotmail.com)
Date: 10/30/04

• Next message: chv_at_anon.postalias: "Re: Cannot access to Event Viewer"
• Previous message: Steven L Umbach: "Re: Ports - WAN Miniport"
• Next in thread: Roger Abell: "Re: Should I install Certificate Authority to solve these problems ?"
• Reply: Roger Abell: "Re: Should I install Certificate Authority to solve these problems ?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 29 Oct 2004 23:01:45 -0700

I am on Win2000 Domain. I am planning to go to Win2003 beginning next year.

Management (non technical) is pushing to get Certificate Authority installed
on my domain now.

I would like to evaluate if the problems below really require a Certificate
Authority to solve those issues below ? Does it make sense create a
Certificate Authority now (domain), or should I migrate to WIn2003 and take
advantage of potential enhanced features there ? If I use IPSec on Win2003,
I would need a Certificate Authority in the domain, right ?

Is it viable installing a Certificate Authority to solve the problems below
?

1) A server management tool can use certificates when the servers
communicate with one another to verify each other's identity. The guy is
afraid that someone in the internal organization could pretend to be
RealServermanagement tool and change another server's configuration.

Does Kerberos provide protection against this ?

2) A client machine accesses a browser connecting to a third-party
application server. Assume text is trasmitted in clear text. If I use IPSec
to encrypt communications. do I need to install the Certificate authority ?

• Next message: chv_at_anon.postalias: "Re: Cannot access to Event Viewer"
• Previous message: Steven L Umbach: "Re: Ports - WAN Miniport"
• Next in thread: Roger Abell: "Re: Should I install Certificate Authority to solve these problems ?"
• Reply: Roger Abell: "Re: Should I install Certificate Authority to solve these problems ?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Windows Advanced Server 2000 PKI ... following as a rough guideline for installing a Windows 2000 Enterprise or ... - install or reconfigure your DHCP server accordingly ... Join Windows 2000 member server to new domain and install Enterprise or ... > We would like to setup PKI having server2 as the> certificate authority. ... (microsoft.public.win2000.security) CA Question ... Question regarding certificate Authority. ... a handful of VPN users who currently access our LAN via VPN with 2 factor ... I understand that implications of installing a CA authority ... on a DC on a grand scale with hundreds of tokens. ... (microsoft.public.win2000.general) Re: Site Code Not Discovered. ... There is a Troubleshooting Management Points whitepaper on the SMS website ... installing a management point. ... DHCP Setup - are the clients looking at a specific DHCP Server ... (microsoft.public.sms.admin) Re: Site Code Not Discovered. ... DHCP Setup - are the clients looking at a specific DHCP Server ... outide of the SMS boundaries, even though it is dishing out SMS ... Management Point Configuration - You may have either not installed ... try to not do anything while this is installing, it can be as fragile as ... (microsoft.public.sms.admin) Re: Should I install Certificate Authority to solve these problems ? ... Implementing a PKI requires some thought, server builds, ... > Management is pushing to get Certificate Authority ... You have told them that this requires a minimum of two machines ... > 1) A server management tool can use certificates when the servers ... (microsoft.public.win2000.security)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint