
enterprise vs stand-alone CA



Guest B L Muzzy
Posted

I want to create a Certificate Authority on each of 2 DCs in a win2003 Active Directory domain. I'm not sure if it makes better sense to set up Enterprise Root CAs or Stand-alone root CAs. The clients will be ColdFusion web apps that know nothing of Windows domains. So they won't be able to participate 'automatically' in the certificate enrollment available with Enterprise CAs.

I want to have 2 CAs for failover. Each client specifies the DC that it will use for user creation & password changes explicitly. That is, I can't tell them to authenticate with the domain, they have to authenticate with and communicate over SSL with a specific DC. So I want 2 for redundancy. If one is the root and suffers hardware failure would a subordinate function OK or will it choke because it has no root? In which case I'd think it would be better to make each their own root CA to be fully independent.

I'd appreciate any advice. Thanks,

Bob Muzzy


Guest Peter Foldes
Posted

I think that this below is the newsgroup that you were wanting to post to.

windows.server.security

news://msnews.microsoft.com/microsoft.publ...server.security

--
Peter

Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.

"B L Muzzy" <bob.muzzy@planitax.com> wrote in message

news:u3KNMhbqJHA.4704@TK2MSFTNGP05.phx.gbl...

> I want to create a Certificate Authority on each of 2 DCs in a win2003 Active Directory domain. I'm not sure if it makes better sense to set up Enterprise Root CAs or Stand-alone root CAs. The clients will be ColdFusion web apps that know nothing of Windows domains. So they won't be able to participate 'automatically' in the certificate enrollment available with Enterprise CAs.
>
> I want to have 2 CAs for failover. Each client specifies the DC that it will use for user creation & password changes explicitly. That is, I can't tell them to authenticate with the domain, they have to authenticate with and communicate over SSL with a specific DC. So I want 2 for redundancy. If one is the root and suffers hardware failure would a subordinate function OK or will it choke because it has no root? In which case I'd think it would be better to make each their own root CA to be fully independent.
>
> I'd appreciate any advice. Thanks,
>
> Bob Muzzy
