Easy question on PKI, 2 level hierarchy design

Posted by Marlon Brown on December 4, 2006, 12:13 pm
I need to issue internal certs for web servers and other applications in the
future.

If I set up a 2 level hierarchy Win2003domain, MS PKI solution, imagine I
would use 2 servers without warranty (P4 1GB CPU, 2GB RAM), 3 year old Dell
servers for the OFFLINE ROOT CA.

I understand that I would keep the OFFLINE ROOT CAs shut down and secured.

Can you confirm in what occasion I would need to bring those OFFLINE ROOT
CAs online again?



Posted by Brian Komar [MVP] on December 5, 2006, 6:55 am
MarlonBrown@discussions.microsoft.com says...
> I need to issue internal certs for web servers and other applications in the
> future.
>
> If I set up a 2 level hierarchy Win2003domain, MS PKI solution, imagine I
> would use 2 servers without warranty (P4 1GB CPU, 2GB RAM), 3 year old Dell
> servers for the OFFLINE ROOT CA.
>
> I understand that I would keep the OFFLINE ROOT CAs shut down and secured.
>
> Can you confirm in what occasion I would need to bring those OFFLINE ROOT
> CAs online again?

You need to bring them up to:
- Issue updated CRLs at regular intervals defined at the CA
- Issue new subordinate CA certificates
- Renew existing subordinate CA certificates
- Revoke existing subordinate CA certificates

Brian
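
The scheduled items in the list above (CRL publication and subordinate CA renewal) can be turned into a calendar of root power-on sessions. The following is an added example, not part of the original posts; the function name, the lead time, the renewal rule and all sample dates are assumptions made for illustration.

```python
from datetime import date, timedelta

def power_on_calendar(crl_published, crl_validity, crl_lead, sub_cas, horizon):
    """List the scheduled sessions that need the offline root CA running.

    sub_cas: (name, not_after, longest_issued_validity) per subordinate CA.
    Returns [(session_date, [tasks])] up to and including `horizon`.
    Unscheduled work (revoking a subordinate CA, adding a new one) is extra,
    and renewals of the renewed certificates are not projected.
    """
    if crl_validity <= crl_lead:
        raise ValueError("CRL lead time must be shorter than its validity")
    # Assumed renewal rule: a CA cannot issue a certificate that outlives its
    # own, so renew once remaining life equals the longest validity it issues.
    renewals = sorted((not_after - longest, name)
                      for name, not_after, longest in sub_cas)
    sessions = []
    # Publish the next CRL `crl_lead` before the current one's nextUpdate,
    # leaving time to copy it to the CRL distribution points.
    crl_due = crl_published + crl_validity - crl_lead
    while True:
        # Next session: the CRL refresh or the next renewal, whichever is first.
        when = min([crl_due] + [due for due, _ in renewals[:1]])
        if when > horizon:
            return sessions
        tasks = ["publish root CRL"]  # root is up anyway: restart the CRL clock
        while renewals and renewals[0][0] <= when:
            tasks.append("renew subordinate CA certificate: "
                         + renewals.pop(0)[1])
        sessions.append((when, tasks))
        crl_due = when + crl_validity - crl_lead

if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    plan = power_on_calendar(
        crl_published=date(2006, 12, 5),
        crl_validity=timedelta(days=180),
        crl_lead=timedelta(days=14),
        sub_cas=[("IssuingCA01", date(2011, 12, 5), timedelta(days=730))],
        horizon=date(2010, 12, 31),
    )
    for when, tasks in plan:
        print(when, "; ".join(tasks))
```

A session date earlier than today means that task is already overdue.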
