Hello Cosmo,
I am not the AD CS expert but hopefully this helps to start:
1. See here for details about, applies also for Windows server 2008:
http://technet.microsoft.com/en-us/l...89(WS.10).aspx
http://technet.microsoft.com/en-us/l...95(WS.10).aspx
2. According to this article you should use your own NAP CA as standalone
or a subordinate CA:
http://technet.microsoft.com/en-us/l...44(WS.10).aspx
Also check this one:
http://www.microsoft.com/downloads/d...displaylang=en
3. No, the subordinate can work alone and many organizations minimize the
exposure of their root CA by keeping it offline except when it is needed
to process a request for a subordinate CA certificate.:
4. See here about clustering AD CS within Windows server 2008:
http://technet.microsoft.com/en-us/l...17(WS.10).aspx
See here about all resources:
http://technet.microsoft.com/en-us/l.../cc534992.aspx
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!!
http://www.blakjak.demon.co.uk/mul_crss.htm
> I'm new to W2K8 CA's and was wondering if someone could please answer
> my below questions:
>
> 1) What are the pro's and con's between a Standalone and an Enterprise
> Root CA?
>
> 2) Does a Root CA always has to been online for NAP with IPsec to
> work?
>
> 3) Does a Root CA have to be online of a Subordinate CA to automatic
> enrol a certificate to a client?
>
> 4) For HA reasons, can you MSCS cluster Subordinate CA's?
>
> Cheers,
> Cosm
Similar Threads
Linear Mode
