2003 Standard CA Stand Alone Vs. Enterprise

Discussion in 'Server Security' started by Griff, Feb 14, 2005.

  1. Griff

    Griff Guest

    My company wants to secure VPN traffic and executive emails using
    certificates. With the limitations of 2003 standard, can I do this? If so
    should I install the CA as an Enterprise or stand alone? Thanks
     
    Griff, Feb 14, 2005
    #1
    1. Advertisements

  2. Griff

    Mark Gamache Guest

    In general, you want the Enterprise CA. It directly interfaces with AD
    which makes management much easier. There might be specific design
    considerations in your environment that may change that, but it is unlikely.
     
    Mark Gamache, Feb 14, 2005
    #2
    1. Advertisements

  3. An Enterprise CA makes more sense for an AD domain. Windows 2003 Standard
    however does not have the more advanced feature of Windows 2003 Enterprise,
    namely version 2 templates which can be used for autoenrollment for users
    and computers. You can however enable automatic request for computer
    certificates via Group Policy. --- Steve
     
    Steven L Umbach, Feb 15, 2005
    #3
  4. Griff

    Griff Guest

    Can I make the Version 1 Certs work in a 2003 VPN and Exchange environment
     
    Griff, Feb 15, 2005
    #4
  5. Steven L Umbach, Feb 15, 2005
    #5
  6. Griff

    Griff Guest

    Thanks for the help!! I have installed the Enterprise Root CA and a Sub to
    issue through the web. Is there any special consideration to make this work
    with email? The root is on the exchange server, but I am having difficulties
    encrypting and signing messages. Any additional help would be great....
     
    Griff, Feb 16, 2005
    #6
  7. You will have to issue [have them request] the proper certificates to the
    users such as the user certificate. They can do that via Web Enrollment or
    by opening the certificate mmc snapin for users, go to the
    personal/certificates folder, right click, select all tasks - request
    certificate. By default domain computers should already trust the Enterprise
    CA but you can check to make sure the CA's certificate shows in the trusted
    root CA folder. User certificate should already be available for users.
    Beyond that since I don't use Exchange I suggest you post in one of the
    Exchange newsgroups for the fine details to get things working
    moothly. --- Steve
     
    Steven L Umbach, Feb 17, 2005
    #7
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.