Re: two CA certificates for IPSec or something...

From: Brian Komar [MVP] <bkomar@xxxxxxxxxxxxxxxxx>
Date: Fri, 16 Feb 2007 15:33:13 -0600

In article <1171652275.361557.67810@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>,
Mshepherd00@xxxxxxxxx says...

is it possible to have more then one CA signing certificate on one
enterprise CA?

Or how to achieve this: to have two separate groups of computers using
IPSec where one group enrolls automatically, the other manually or
with approval. This should allow for restrictive and less restrictive
IPSec filter rule sets on a server.

ms

An MS CA can only have a single signing certificate. You can accomplish
what you are after by designing two certificate templates. One could be
deployed to a speicific security group using autoenrollment. The second
could require CA manager approval

Brian
.

References:
- two CA certificates for IPSec or something...
  - From: Mshepherd00

Prev by Date: two CA certificates for IPSec or something...
Next by Date: Re-Configuring LDAP CDP on Enterprise Root CA
Previous by thread: two CA certificates for IPSec or something...
Next by thread: Re-Configuring LDAP CDP on Enterprise Root CA
Index(es):
- Date
- Thread

Relevant Pages

Re: Isolate systems
... If you have access to the firewall, you might be able to configure what IP ... filtering policy on your computers which is a policy that uses rules with ... Ipsec policies are best when trying to configure for a subnet ... network layout you may be able to implement ...
(microsoft.public.win2000.security)
Re: Isolate systems
... You also may want to download the " Securing Windows 2000 Server Security ... to use ipsec "filtering" policies to secure domain controllers and other ... >> filtering policy on your computers which is a policy that uses rules with ...
(microsoft.public.win2000.security)
Re: Green Admin - Brute Force Attack - Pls Help
... Ipsec configuration is very similar [if ... specifics on how to use ipsec "filtering" policy to protect computers. ... is managing a network - particularly one in a hostile environment. ...
(microsoft.public.security)
Re: Preventing PCs from accessing the network
... Ipsec policies can be used to prevent non domain computers from accessing domain ... resources if the resource computer has a "ipsec require" policy. ... or port isolation. ...
(microsoft.public.win2000.networking)
Re: Prevent logon without certificate
... "Mark Gamache" wrote in message ... You can't really use IPSec between ... >> computers to domain, but if you change the policy only domain ... We're messing about with certificate services on a test windows 2003 ...
(microsoft.public.windows.server.security)