Re: how many CA's (cross posted...)
- From: "MarioC" <marioc@xxxxxxxxxx>
- Date: Tue, 24 Oct 2006 21:23:48 +0200
Hi there,
Since the CA is only used when issueing certificates it would not make any
sense to install a second one in the branch office. All required information
(CRL, AIA) can be found redundant in AD.
Installing ca CA on a DC is supported. Best practice would be to install the
CA on a dedicated (virtual?) secure machine.
Mario
"Marco Tonoli" <MarcoTonoli@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:AB81E25F-7CE9-4692-AB3E-AE9F7F0F1554@xxxxxxxxxxxxxxxx
Hi all, i have a question:
i have a PKI infrastructure, with a offline root, an enterprise CA and a
domain controller. We use PKI for smart card, email signing and what
future
time will offer...
Now we start a branch office with many user so i make a new domain
controller (for same central domain) in the branch office for
autentication
speed and geographics redundance. The lan's have non egual ip addressment
but
one see each other. I'll correctly set "site and service" applet so pc
remote
will use remote DC.
My question is... i need also a second CA in the branch office ? if not i
can have speed problem ? (i don't kon how fast is connection, specifically
during working hour).
And, if i need a second CA, can install on DC ? (i think have not CPU
power
problem and no security access problem) and there same particolar
procedure
to avoid strange situation like pc autentication or PKI process on erratic
CA
and DC ?
Thanks all in advance (and excuse my english.... writing from italy.)
.
- Follow-Ups:
- Re: how many CA's (cross posted...)
- From: Marco Tonoli
- Re: how many CA's (cross posted...)
- Prev by Date: Re: Create a domain account with full access to all files and folders?
- Next by Date: Re: Files Associated With Client Component of TCP/IP Properties
- Previous by thread: tracking admin commands
- Next by thread: Re: how many CA's (cross posted...)
- Index(es):
Relevant Pages
|
