Re: two CA certificates for IPSec or something...
From: Brian Komar [MVP] (bkomar_at_nospam.identit.ca)
Date: 09/17/05
- Previous message: Ondrej Sevecek: "two CA certificates for IPSec or something..."
- In reply to: Ondrej Sevecek: "two CA certificates for IPSec or something..."
- Next in thread: Ondrej Sevecek: "Re: two CA certificates for IPSec or something..."
- Reply: Ondrej Sevecek: "Re: two CA certificates for IPSec or something..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 17 Sep 2005 09:41:07 -0500
Answers inline:
In article <ezeM0$4uFHA.3556@TK2MSFTNGP12.phx.gbl>, "Ondrej Sevecek"
<ondra at my_surname dot com> says...
> is it possible to have more then one CA signing certificate on one
> enterprise CA?
No, the Microsoft CA will have a single, valid signing certificate for
the issuance of new certificates. It is possible that after the renewal
of a CA certificate, that two or more CA certificates will exist and me
time valid, but only the active certificate is used to sign new
requests. The previous certificates will be used to sign CRLs associated
with that certificate.
>
> Or how to achieve this: to have two separate groups of computers using IPSec
> where one group enrolls automatically, the other manually or with approval.
> This should allow for restrictive and less restrictive IPSec filter rule
> sets on a server.
>
You could use two certificate templates to accomplish this, but if you
are applying different IPSec filters, the authentication can only
indicate *which* root CA the chain is rooted.
> O.
>
>
>
- Previous message: Ondrej Sevecek: "two CA certificates for IPSec or something..."
- In reply to: Ondrej Sevecek: "two CA certificates for IPSec or something..."
- Next in thread: Ondrej Sevecek: "Re: two CA certificates for IPSec or something..."
- Reply: Ondrej Sevecek: "Re: two CA certificates for IPSec or something..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
