I want to create a Certificate Authority on each of 2 DCs in a win2003
Active Directory domain. I'm not sure if it makes better sense to set up
Enterprise Root CAs or Stand-alone root CAs. The clients will be coldfusion
web apps that know nothing of windows domains. So they won't be able to
participate 'automatically' in the certificate enrollment available with
Enterprise CAs.
I want to have 2 CAs for failover. Each client specifies the DC that it
will use for user creation & password changes explicitedly. That is, i
can't tell them to authenticate with the domain, they have to authenticate
with and communicate over SSL with a specific DC. So i want 2 for
redundancy. If one is the root and suffers hardware failure would a
subordinate function OK or will it choke because it has no root? In which
case I'd think it would be better to make each their own root CA to be fully
independent.
I'd appreciate any advice. Thanks,
Bob Muzzy
|
Similar Threads
Linear Mode
