Re: Standalone or Enterprise CA
From: Andy (newsposting_at_multizite.org)
Date: Sat, 5 Mar 2005 10:23:02 +0100
OK. I've already done that and it works. But I encountered one problem.
On the Exchange website, I've ticked the box that says you must have a
client certificate to connect.
>From one of my client machines, I request a client certificate and I'm able
to connect. But, when I export this certificate to another user this user
are not able to connect.
The case is that we would like to make OWA available on the net, but our
users mutst have a certificate with them and import this on the machine they
are using to be able to connect.
How do we achieve this?
"Steven Umbach" <email@example.com> wrote in message
> You can still request and use certificates on computers that are not part
> of the
> Active Directory domain. You could request a certificate for a web server
> Web Enrollment. Just be sure to enter the name of your website as the name
> the certificate request. --- Steve
> "Andy" <firstname.lastname@example.org> wrote in message
>> And en enterprise CA will not be a problem for a webserver that is NOT
>> of the company A.D?
>> "Steven L Umbach" <email@example.com> wrote in message
>> > "But, further down the road I consider to begin widespread use within
>> > A.D." In such case it is a no brainier and you will want to use an
>> > Enterprise CA. It will give you much more flexibility, particiaulary if
>> > you are using Windows 2003 Server Enterprise as the operating system.
>> > The
>> > only issue with a public webserver is a matter of trust. If this web
>> > server is going to be used only by your users or others that you can
>> > distribute your Certificate Authority certificate to then your
>> > Enterprise
>> > CA will be fine. If this is a web server that will be available to the
>> > public in general then you want to apply for and purchase a certificate
>> > from one of the public PKI providers such as Verisign so that public
>> > users
>> > will trust your web server certificate. --- Steve
>> > "Andy" <firstname.lastname@example.org> wrote in message
>> > news:uWCbPnOIFHA.3608@TK2MSFTNGP14.phx.gbl...
>> >> Hi
>> >> I'm currently planning to set up a CA. But not quite sure if it would
>> >> be
>> >> best to use a standalone root CA, or a Enteprise CA. To start with
>> >> this
>> >> CA will be used for certificates for a SSL enabled website that's
>> >> running
>> >> OWA and Terminal Services.
>> >> But, further down the road I consider to begin widespread use within
>> >> A.D.
>> >> Are there any issues using an Enteprise CA for certificates that will
>> >> beused on a pubic webserver?
>> >> /Andy