enterprise vs stand-alone CA?

Discussion in 'Server Security' started by B L Muzzy, Mar 21, 2009.

  1. B L Muzzy

    B L Muzzy Guest

    I want to create a Certificate Authority on each of 2 DCs in a win2003
    Active Directory domain. I'm not sure if it makes better sense to set up
    Enterprise Root CAs or Stand-alone root CAs. The clients will be coldfusion
    web apps that know nothing of windows domains. So they won't be able to
    participate 'automatically' in the certificate enrollment available with
    Enterprise CAs.

    I want to have 2 CAs for failover. Each client specifies the DC that it
    will use for user creation & password changes explicitedly. That is, i
    can't tell them to authenticate with the domain, they have to authenticate
    with and communicate over SSL with a specific DC. So i want 2 for
    redundancy. If one is the root and suffers hardware failure would a
    subordinate function OK or will it choke because it has no root? In which
    case I'd think it would be better to make each their own root CA to be fully
    independent.

    I'd appreciate any advice. Thanks,

    Bob Muzzy
     
    B L Muzzy, Mar 21, 2009
    #1
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.