Re: Issuing Enterprise Subordinate CA - Why not a DC?

From: Paul Adare (padare_at_newsguy.com)
Date: 03/03/05


Date: Thu, 3 Mar 2005 13:18:39 -0500

In article <112ed8qgpqbqi8d@corp.supernews.com>, in the
microsoft.public.windows.server.security news group, Dave
<dsturgeon@dont.send.any.spam.here.gmail.com> says...

> I was under the impression that even if you do build a stand alone root ca
> that you still have to connect it periocially to update the CRLs?
>

You need to turn it on periodically to issue an updated CRL, however,
you do not need to attach it to a network to do so. Copy the updated CRL
to a floppy or a USB device and then take that to a member computer and
publish it from there.

-- 
Paul Adare
"On two occasions, I have been asked [by members of Parliament],
'Pray, Mr. Babbage, if you put into the machine wrong figures,
will the right answers come out?' I am not able to rightly apprehend
the kind of confusion of ideas that could provoke such a question."
-- Charles Babbage (1791-1871)