Concealment of DNS Name in CA Certificate
From: Dave W (DaveW_at_discussions.microsoft.com)
Date: 01/30/05
- Next message: Dave Niemeyer: "Give a user rights to add machine to domain, not 10 limit"
- Previous message: Brian Komar: "Re: Computer Certificates"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 30 Jan 2005 00:11:01 -0800
I'd like to remove all DNS references from CA certificates, such that the
AIA CRT publication path is "DNS free". As far as I can tell, including the
DNS name in the CRT name is a bit of a security poser as it reveals a CA
server's DNS name to all and sundry.
There is a registry value called CACertFileName that I can change,
however, I cannot make this registry change before the CA server is
installed - and by then the CA server's certificate has already been
published (including the DNS reference). I could manually change the CRT
filename once published, but this will cause me problems when I come to
certificate renewal.
Anyone got any ideas?
Dave
- Next message: Dave Niemeyer: "Give a user rights to add machine to domain, not 10 limit"
- Previous message: Brian Komar: "Re: Computer Certificates"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
