Can a Microsoft Enterprise Root CA be offline?


izael

Hi everyone, sorry for my English.

Does anyone know if a Microsoft enterprise root certification
authority can be offline?

I have noticed that if the CA server is offline, the EAP-TLS clients
cannot be authenticated by the IAS server.

Isn't it supposed that the certificates are valid by themselves?
Why does the CA need to be available in order for the certificates to be
authenticated? Is there any redundancy scheme that could be used? If
the CA server fails, nobody would be able to access the network.

Thanks in advance
 
No. To be an offline CA, the root CA must be installed as a Standalone
Root CA. Please see the best practices whitepaper:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/maintain/operate/ws3pkibp.asp


Brian
 