AD RMS

[AJ]

Hi Folks

New to RMS and seen some conflicting information.

Do we need a Certificate Authority (Internal PKI) to utilise RMS?

I didn't think RMS utilised X509 certs but have read some conflicting
information or misunderstood it!

Is it just an SSL cert for the RMS server that is required as a best
practice to secure RMS client traffic to the RMS server itself, and in
that case we can utilise a third party commercial CA couldn't we?

TIA

AJ

 

[AJ]

Hi Folks

New to RMS and seen some conflicting information.

Do we need a Certificate Authority (Internal PKI) to utilise RMS?

I didn't think RMS utilised X509 certs but have read some conflicting
information or misunderstood it!

Is it just an SSL cert for the RMS server that is required as a best
practice to secure RMS client traffic to the RMS server itself, and in
that case we can utilise a third party commercial CA couldn't we?

TIA

AJ

Think ive just answered my own question:

SSL / TLS Security
It is recommended that Secure Socket Layer / Transport Layer Security
(SSL/TLS) is used to provide server authentication and data encryption
for the users connecting to the AD RMS server. SSL is not required but
it is highly recommended in order to encrypt traffic over the wire. If
SSL is not used, the traffic will be in clear text. This will protect
the client from man-in-the-middle attacks and ensure the
confidentiality of any data collected during the card management
workflows. It is required for ADFS.

SSL requires that your server have a valid SSL certificate installed
for the Web site. The required Web Server certificates may be issued
by the customer’s PKI itself or purchased externally. When planning
the solution deployment you should consider how these certificates
will be made available to the AD RMS servers.

Thanks anyway!

AJ