enterprise vs stand-alone CA?
- From: "B L Muzzy" <bob.muzzy@xxxxxxxxxxxx>
- Date: Fri, 20 Mar 2009 17:13:54 -0700
I want to create a Certificate Authority on each of 2 DCs in a win2003
Active Directory domain. I'm not sure if it makes better sense to set up
Enterprise Root CAs or Stand-alone root CAs. The clients will be coldfusion
web apps that know nothing of windows domains. So they won't be able to
participate 'automatically' in the certificate enrollment available with
Enterprise CAs.
I want to have 2 CAs for failover. Each client specifies the DC that it
will use for user creation & password changes explicitedly. That is, i
can't tell them to authenticate with the domain, they have to authenticate
with and communicate over SSL with a specific DC. So i want 2 for
redundancy. If one is the root and suffers hardware failure would a
subordinate function OK or will it choke because it has no root? In which
case I'd think it would be better to make each their own root CA to be fully
independent.
I'd appreciate any advice. Thanks,
Bob Muzzy
.
- Prev by Date: Re: Windows Server Hardening
- Next by Date: About SSL Weak Cipher Suites Supported vulnerability on Windows 2003 SP2
- Previous by thread: Access to security event log, event 578 and Windows 2003
- Next by thread: About SSL Weak Cipher Suites Supported vulnerability on Windows 2003 SP2
- Index(es):
Relevant Pages
|
Loading
