Guest Gunna
Posted April 9, 2008

that an Enterprise Root CA has to be a domain controller? What about subordinates?

Guest Paul Adare
Posted April 9, 2008

On Tue, 8 Apr 2008 17:18:04 -0700, Gunna wrote:

> that an Enterprise Root CA has to be a domain controller? What about
> subordinates?

Absolutely not true. In fact, if you follow good security practices where you want to reduce the attack surface on your core infrastructure servers, a domain controller should only ever be a domain controller, and a CA should only ever be a CA.

--
Paul Adare
http://www.identit.ca
Shift to the left! Shift to the right! Pop up, push down, byte, byte, byte!

Guest Dobromir Todorov
Posted April 16, 2008

.... plus following the same good security practices, your Root CA should be offline, while an offline domain controller isn't any good nowadays...

--
---
HTH,
Dobromir

Learn more about Security and Identity Management:
Visit http://www.iamechanics.com

"Paul Adare" <pkadare@gmail.com> wrote in message news:1tj95axsmmjus.1997pdyfpo2mj.dlg@40tude.net...

> On Tue, 8 Apr 2008 17:18:04 -0700, Gunna wrote:
>
>> that an Enterprise Root CA has to be a domain controller? What about
>> subordinates?
>
> Absolutely not true. In fact, if you follow good security practices where
> you want to reduce the attack surface on your core infrastructure servers,
> a domain controller should only ever be a domain controller, and a CA
> should only ever be a CA.
>
> --
> Paul Adare
> http://www.identit.ca
> Shift to the left! Shift to the right! Pop up, push down, byte, byte,
> byte!
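
Added example, not part of the thread or written by any of its posters: a PowerShell audit for the role separation discussed above, listing each Enterprise CA published in Active Directory and whether its host is also a domain controller. It assumes the RSAT ActiveDirectory module and read access to the Configuration partition; the function name `Get-CaOnDomainController` is hypothetical.

```powershell
# Added example: flag Enterprise CAs that run on a domain controller.
# Assumption: RSAT ActiveDirectory module is installed and the caller can
# read the forest's Configuration naming context.
Import-Module ActiveDirectory

function Get-CaOnDomainController {
    # Enterprise CAs register a pKIEnrollmentService object here; a CA that
    # is kept offline and never published will not appear in this listing.
    $configNC   = (Get-ADRootDSE).configurationNamingContext
    $enrollBase = "CN=Enrollment Services,CN=Public Key Services,CN=Services,$configNC"

    $cas = Get-ADObject -SearchBase $enrollBase -SearchScope OneLevel `
        -LDAPFilter '(objectClass=pKIEnrollmentService)' -Properties dNSHostName

    # Collect the DNS host name of every DC in every domain of the forest.
    $dcNames = New-Object 'System.Collections.Generic.HashSet[string]'
    foreach ($domain in (Get-ADForest).Domains) {
        Get-ADDomainController -Filter * -Server $domain | ForEach-Object {
            [void]$dcNames.Add($_.HostName.ToLowerInvariant())
        }
    }

    # One row per CA; OnDC = $true means the CA shares a host with a DC.
    foreach ($ca in $cas) {
        $caHost = [string]$ca.dNSHostName
        [pscustomobject]@{
            CAName = $ca.Name
            Host   = $caHost
            OnDC   = $dcNames.Contains($caHost.ToLowerInvariant())
        }
    }
}

Get-CaOnDomainController | Sort-Object OnDC -Descending | Format-Table -AutoSize
```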