Certificate Web Enrollment

Max

We are designing a Windows 2003 PKI. We are trying to decide whether
to place certificate web enrollment on the web farm or on dedicated
servers.

The only thing currently holding us back from hosting web enrollment
from our web farm is that we will have to trust all the web farm
servers for delegation. Currently, all web farm servers have the
"Trust computer for delegation" unchecked. What security issues arise
once the computer is delegated? I have been unable to find details on
this.

Convincing the web area to allow this to be checked when right next to
the check box for this setting there is an exclamation sign and a
statement saying "This security-sensitive option..." will require an
explanation of why this is a security-sensitive option and whether
there is some risk involved. Could anyone provide some insight into
what possible vulnerabilities delegating a computer for delegation
opens up?

Does anyone have any other reasons why/why not to host web enrollment
from our web farm rather than dedicated servers?

Thanks,
Max
 