Re: Certificate Authority (CA) Failover - Possible?
- From: Brian Komar [MVP] <bkomar@xxxxxxxxxxxxxxxxx>
- Date: Sat, 25 Feb 2006 19:19:32 -0600
In article <D2149F7A-235A-432D-AB33-80BAC18B15BD@xxxxxxxxxxxxx>,
Frank@xxxxxxxxxxxxxxxxxxxxxxxxx says...
I hope this is the correct board to ask this question... I am trying to setupYou can accomplish some of what you want.
a CA for our company, not for AD purposes, but for client side web
certificates that can be issued to our customers to browse our website. Now
with the question...
Is there a way to setup 2 servers as the CA for failover purposes? I'm
thinking kind of like how DNS servers work. Where if one goes down, the other
one will just take over. It will be very important for the CA to stay up
because of the constant changes we will be making in the Issuing and denying
of certificates. Any information or suggestions would be great. Thanks!
-Frank
- You can have a DNS CNAME record that would send you to either of the
two CAs.
- Certificates would be fine as both CAs would chain to a common root CA
(you would need a two tiered hierarchy with an offline root CA)
- You would be able to issue any number of certificates from either CA
- The CA that issued the certificate would have to be up though to
revoke a certificate.
Today, there is no way to cluster the CA so that failover could happen.
What I have described is about all that you can do.
brian
.
- Prev by Date: Re: Defender installation failure w. Error 1609
- Next by Date: Re: Extracting share permissins using hyena.
- Previous by thread: Re: XP Client Secutiry without a Domain Controlled environment
- Next by thread: strange safe.w2kserver1.com connections, spyware?
- Index(es):
Relevant Pages
|
