Re: LDAP/S

• Previous message: Carl Gross: "Shared permissions vs. security"
• In reply to: Steven L Umbach: "Re: LDAP/S"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 19 May 2005 15:54:26 -0400

got on a tangent and forgot I posted the question.

Thanks!
bob

"Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
news:uVCrwRfUFHA.928@TK2MSFTNGP15.phx.gbl...
>A Certificate Authority can be very useful in the domain. If possible
>install it on a Enterprise version of Windows 2003 Server so that you can
>install an Enterprise Certificate Authority that will be able to take
>advantage of version 2 templates and autoenrollment for XP Pro computer and
>users. Keep in mind that you want your root CA to be physically secure to
>minimize possiblity of compromise of your PKI. You also want to make sure
>that for now only certificates you want issued are issued. You can do such
>by modifying the permssions on the certificate templates. A user/computer
>needs enroll permission to obtain a certificate. --- Steve
>
> http://www.microsoft.com/technet/security/prodtech/windows2000/secmod154.mspx
>
>
> "Bob Weiner" <bob@engr.uconn.edu> wrote in message
> news:eZrI9RbUFHA.2664@TK2MSFTNGP15.phx.gbl...
>>I haven't run a CA before and want to know if there will be any
>>side-effects to setting one up to support LDAP/S. I have a Win2k3 domain.
>>
>> One of our linux guys wrote a password changing routine to update users'
>> windows accounts which runs from a linux box. Of course, this routine
>> could have been easily written on the windows side and made available but
>> ...
>>
>> Anyway, he now wants a CA installed in the domain to support LDAP/S which
>> is needed to make the password update. Is this something I can do
>> quickly without impacting either the domain as it exists now or our
>> ability to implement a proper pki structure later?
>>
>> I'm not looking for someone to explain how to do it; I sure I can find
>> info on that. All I need to know is <b>IF</b> I pull out a how-to
>> article on installing a CA and do it with minimal understanding, will I
>> regret it later?
>>
>> thanks,
>> bob
>>
>>
>>
>>
>
>

• Previous message: Carl Gross: "Shared permissions vs. security"
• In reply to: Steven L Umbach: "Re: LDAP/S"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: howto x.509 certification in GER ... > Or you could simply set up your own certificate authority under Windows ... someone to install my own certificate authority in the windows explorer, ... I make a certificate at Verisign. ... (microsoft.public.vc.atl) Re: Enteprisesubordinate CA in parent:child domains ... Are you sure that the CA you installed is an Enterprise CA?? ... I did not install Web Enrolment ... >> go to AD Users and Computers does the CA computer show as a member of the ... Can you open the Certificate Authority ... (microsoft.public.win2000.security) CA and IIS5 help Please ... I am running Win2k with SP3 with IIS5. ... I am not running active directory and can not run it. ... I just installed stand alone root certificate authority and the install went ... (microsoft.public.inetserver.iis.security) Help with CA and IIS5 PLease ... I am not running active directory and can not run it. ... I just installed stand alone root certificate authority and the install went ... and it puts the request file in c:/. ... (microsoft.public.win2000.security) Re: ssl in portions of my site ... if this is just for an internal use, you can install your own CA on ... > assuming that's what you meant by a "cert" right? ... > certificate authority, like verisign, do I have to pay ... (microsoft.public.inetserver.iis.security)