Re: Securing a Web Enrollment Server
From: Eric Chamberlain (eric.chamberlain_at_newsgroups.nospam)
Date: 05/06/04
- Next message: Roger Abell: "Re: DCOM Error in log"
- Previous message: Michael Sainz: "Web Enrollment of Certificates"
- In reply to: Max: "Securing a Web Enrollment Server"
- Next in thread: Phil Bailey: "Re: Securing a Web Enrollment Server"
- Reply: Phil Bailey: "Re: Securing a Web Enrollment Server"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 5 May 2004 17:56:56 -0700
"Max" <maxroberts1@yahoo.com> wrote in message
news:3a37fa17.0405051325.60fd4741@posting.google.com...
> We're in the designing phase for a Windows 2003 PKI. We plan to
> separate the Web Enrollment IIS server from the Issuing CA. Is this
> good practice?
>
I think it is a good idea to separate the functions, especially if your
users are connecting remotely and requesting certificates.
> Furthermore, is there any security reason not to host the Web
> Enrollment server on the web farm, or is there reason to host it on a
> dedicated server?
>
We host our RA in a web farm. The only issue I can think of is if you need
to trust the machine for delegation, other sites would also be trusted for
delegation.
- Next message: Roger Abell: "Re: DCOM Error in log"
- Previous message: Michael Sainz: "Web Enrollment of Certificates"
- In reply to: Max: "Securing a Web Enrollment Server"
- Next in thread: Phil Bailey: "Re: Securing a Web Enrollment Server"
- Reply: Phil Bailey: "Re: Securing a Web Enrollment Server"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
