Re: Windows 2003 Certificate server
From: Miha Pihler (mihap-news_at_atlantis.si)
Date: 09/24/04
- In reply to: Chris: "Windows 2003 Certificate server"
Date: Fri, 24 Sep 2004 19:52:58 +0200
Hi Chris,
If you require high security, you could set up an offline CA server -- a CA server
that is not connected to the network. This way you would still be able to
use Web Enrolment, which will ease your work when enrolling.
Once you enroll, the certificate has to be issued (by default, an administrator
has to issue (approve) any certificate in a Windows 2003 standalone CA setup). Once
the administrator issues (approves) the certificate, you can access it again using
the web interface and save the .pfx file to the hard drive.
I find it a bit strange that you have to install the private key on the VPN device
and the public key on the client. Usually it would be the other way around...
Here are some resources on how to set up a Windows 2003 server CA.
Implementing and Administering Certificate Templates in Windows Server 2003
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws03crtm.mspx
Best Practices for Implementing a Microsoft Windows Server 2003 Public Key
Infrastructure
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws3pkibp.mspx
PKI Enhancements in Windows XP Professional and Windows Server 2003
http://www.microsoft.com/technet/prodtechnol/winxppro/plan/pkienh.mspx
Windows Server 2003 PKI Operations Guide
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws03pkog.mspx
Managing a Windows Server 2003 Public Key Infrastructure
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/mngpki.mspx
Advanced Certificate Enrollment and Management
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/advcert.mspx
Mike
"Chris" <Chris@discussions.microsoft.com> wrote in message
news:93046E23-481E-4813-A0A8-A903EC646B1F@microsoft.com...
> I want to use Windows 2003 as a stand alone CA. The purpose of the server
> will be to manually issue certificates to be used for client to gateway vpn
> connections.
> For security reasons, I want the entire request / approval process to be
> manual without web-enrollment. Once a request has been sent and approved
> the Public Key gets installed on the requesting computer. Where is the
> Private Key stored?
> I need access to both Keys, the Public Key for the user to install on their
> home systems and the Private Key has to get loaded into the Third-Party vpn
> gateway appliance.
>
> TIA
>