PKI CRL LDAP location exposes info about internal DS structure to external customers


Reinhard Henke

I want to set up a 2 tier PKI based on W2K3. The issuing CA is AD
integrated. Certificates are also to be provided to external customers
for secure web transactions.

Unfortunately, the LDAP URL in the CRL extensions exposes details about
the internal AD structure and NB-name of the CA. I read about LDAP
translation but couldn't find any info on how to implement that.

How can I obscure these details on the internal AD structure?
How critical would you value keeping these details in the CRLs?
Microsoft themselves advise in their design documents to obscure it but
unfortunately don't tell how...

Your help is really appreciated.

Reinhard
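Added example, not part of the original thread: a small audit that takes the CRL Distribution Point URLs found in an issued certificate and reports what an external relying party can read out of the LDAP entry (the forest/domain DNS name from the DC= components, the CA's server short name under CN=CDP, and the CA name). The URLs, host and domain names are constructed for the example; the DN parser assumes no escaped commas inside values.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple
from urllib.parse import unquote, urlsplit

# Constructed sample: the two CDP URLs a Windows 2003 enterprise CA places in
# issued certificates by default (LDAP entry first, then HTTP). Names invented.
SAMPLE_CDP_URLS = [
    "ldap:///CN=Contoso%20Issuing%20CA,CN=CA01,CN=CDP,CN=Public%20Key%20Services,"
    "CN=Services,CN=Configuration,DC=corp,DC=contoso,DC=com"
    "?certificateRevocationList?base?objectClass=cRLDistributionPoint",
    "http://pki.contoso.com/CertEnroll/Contoso%20Issuing%20CA.crl",
]

@dataclass
class CdpFinding:
    url: str
    internal: bool                 # True when the URL reveals internal naming
    ca_name: Optional[str] = None  # CN of the CRL object (the CA's name)
    ca_host: Optional[str] = None  # CN directly under CN=CDP (CA server short name)
    domain: Optional[str] = None   # DNS name rebuilt from the DC= components

def parse_dn(dn: str) -> List[Tuple[str, str]]:
    """Split an LDAP DN into (attribute, value) pairs, leftmost RDN first.
    Simplification: assumes values contain no escaped commas."""
    pairs = []
    for rdn in dn.split(","):
        attr, _, value = rdn.partition("=")
        pairs.append((attr.strip().upper(), value.strip()))
    return pairs

def audit_cdp_url(url: str) -> CdpFinding:
    """Report what an outside party learns from a single CDP URL."""
    parts = urlsplit(url)
    if parts.scheme.lower() != "ldap":
        return CdpFinding(url=url, internal=False)   # HTTP/file CDPs carry no DN
    rdns = parse_dn(unquote(parts.path.lstrip("/")))
    domain = ".".join(v for a, v in rdns if a == "DC")
    ca_name = rdns[0][1] if rdns else None
    ca_host = None
    for i, (attr, value) in enumerate(rdns):
        if attr == "CN" and value.upper() == "CDP" and i > 0:
            ca_host = rdns[i - 1][1]                 # RDN just left of CN=CDP
    return CdpFinding(url, True, ca_name, ca_host, domain or None)

def audit_cdp_urls(urls: List[str]) -> List[CdpFinding]:
    """Audit every CDP URL of a certificate; any 'internal' hit means the
    certificate is not suitable for handing to external customers as-is."""
    return [audit_cdp_url(u) for u in urls]
```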