Certificate Server install location

From: Chris (bogus_at_bogus.bogus)
Date: 02/23/05


Date: Wed, 23 Feb 2005 12:56:51 -0500

I am setting up a PKI to facilitate wireless (802.1X) secure authentication
within my environment as well as securing Exchange web access and other web
services. The question I have is regarding installing Microsoft Certificate
Server. I see the recommendation to put it on a separate machine
(especially not a DC) and I also want to use Enterprise CA for AD
integration.

My environment is a single forest with an empty root domain containing 2
distinct domain trees. For simplicity, let's call them EMPTY.COM (empty),
US.COM (my local domain), and EUROPE.COM. Given I'm only installing a
single CA (will consider redundancy later), where is the best place to put
it logically? Should I make the CA a member of my local domain (US.COM) or
a member of the empty root domain? I want any user from any domain to be
able to acquire appropriate certificates regardless of location.

Note: I have successfully tested an Enterprise root CA install on a DC in
my local domain but I want to reconsider my final design to accommodate
roaming European users.

Regards,
Chris