Re: Certificate services
From: Marin Marinov (mlmarinov_at_askme.ca)
Date: 04/27/04
- Next message: Jimmy Temmer: "Admin Permissions in AD"
- Previous message: Marin Marinov: "Re: Is it possible,,,"
- In reply to: Martin K.: "Certificate services"
- Next in thread: Martin K.: "Re: Certificate services"
- Reply: Martin K.: "Re: Certificate services"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 27 Apr 2004 10:25:55 -0400
<snip>
No, that's why it is a ROOT CA - nobody is above it, it issues and self-
signs its certificate. However, you can create an Enterprise subordinate
CA the parent of which is a standalone. When you design a CA hierarchy
the root should always be standalone since you'll be using it just for
certifying CAs at the lower tiers and most of the time it will be turned
off for security reasons. Check out the best practices for designing a
PKI whitepaper at Microsoft's site:
http://tinyurl.com/28cjx
If there's something specific you need to accomplish feel free to share
;)
-- Cheers, Marin Marinov MCT,MCSE 2003,MCSE:Security 2003 - This posting is provided "AS IS" with no warranties, and confers no rights.
- Next message: Jimmy Temmer: "Admin Permissions in AD"
- Previous message: Marin Marinov: "Re: Is it possible,,,"
- In reply to: Martin K.: "Certificate services"
- Next in thread: Martin K.: "Re: Certificate services"
- Reply: Martin K.: "Re: Certificate services"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
