Posted by Wong Tuck Wah on July 14, 2005, 10:52 pm
In the real world, the root CA is always stored offline for security reasons.
So what they do is create a CA hierarchy and let the lower-level CA
(issuing CA) handle certificate deployment. This will be transparent to users
regardless of whether the root CA is offline or not, as it is now not the one
that issues certs directly.
Check out this site for more detailed deployment info.
"http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/DepKit/27bdfc11-96fd-4082-8458-8111af7d6abd.mspx"
HTH.
"cobra" wrote:
> hi all
>
> currently we have a trusted CA running and issuing certificates, but since
> it is not accessible most of the time, Certificates for IIS Portal Users can
> not be issued in time.
>
> Therefore we need to make a new TRUSTED CA in our region.
>
> There are approx 500 Users and 100 user migrations per year.
>
> Since the Certificate that the CA issues must be trusted, what options do we
> have?
>
> Can we have a new CA, and make a trusted root certificate for the IIS Server
> and make Certificates for all users and map the new ones to the already
> existing users on the IIS (like many-to-one)
>
> What needs to be done so the end user does not realize that there is a new
> CA, and what is needed for a trusted certificate (all green, no yellow in the
> dialog box)
>
> I'm sorry if my explanation is a bit rough, but I'm doing a solution design
> and am not really a CA specialist. It would be helpful to have some valuable
> input from professionals on what is realistic and what is not.
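The hierarchy described in the reply above, as an added example that is not part of the original thread: it uses the openssl CLI rather than the Windows Server 2003 Certificate Services covered by the linked guide, and all subject and file names are constructed. It builds a root and an issuing CA, deletes the root key to stand in for taking the root offline, and shows the issuing CA still producing user certificates that chain to the trusted root.

```shell
#!/bin/sh
# Added example: two-tier CA hierarchy with the openssl CLI.
# Subject names and file names are constructed for this demo.
CA_EXT='basicConstraints=critical,CA:TRUE
keyUsage=critical,keyCertSign,cRLSign'
USER_EXT='basicConstraints=CA:FALSE
extendedKeyUsage=clientAuth'

# issue DIR NAME SUBJECT EXTENSIONS [SIGNER]
# Creates a key and CSR for NAME, then signs it. No SIGNER = self-signed root.
issue() (
    cd "$1" || exit 1
    name=$2 subj=$3 signer=${5:-}
    printf '%s\n' "$4" > "$name.ext"
    openssl genrsa -out "$name.key" 2048 2>/dev/null || exit 1
    openssl req -new -key "$name.key" -subj "$subj" -out "$name.csr" || exit 1
    if [ -z "$signer" ]; then
        openssl x509 -req -in "$name.csr" -signkey "$name.key" -days 3650 \
            -extfile "$name.ext" -out "$name.crt" 2>/dev/null
    else
        # Fails when the signer's private key is not available.
        openssl x509 -req -in "$name.csr" -CA "$signer.crt" \
            -CAkey "$signer.key" -CAcreateserial -days 365 \
            -extfile "$name.ext" -out "$name.crt" 2>/dev/null
    fi
)

build_hierarchy() {
    issue "$1" root    "/CN=Demo Root CA"    "$CA_EXT" &&
    issue "$1" issuing "/CN=Demo Issuing CA" "$CA_EXT" root &&
    issue "$1" user1   "/CN=portal-user-1"   "$USER_EXT" issuing
}

# A relying party that trusts only the root certificate; the issuing CA
# certificate is supplied as an untrusted intermediate.
verify_user() {
    openssl verify -CAfile "$1/root.crt" -untrusted "$1/issuing.crt" \
        "$1/$2.crt" >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d) || return 1
    build_hierarchy "$d" || return 1
    rm -f "$d/root.key"    # root CA taken offline: its key is no longer here
    issue "$d" user2 "/CN=portal-user-2" "$USER_EXT" issuing || return 1
    verify_user "$d" user1 && verify_user "$d" user2 &&
        echo "both user certificates chain to the root"
}
demo
```

Relying parties need only `root.crt` in their trust store; the issuing CA certificate travels with the chain, which is why the root key can stay offline between subordinate CA issuances.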