Win2K CA Replication?

  • Thread starter Thread starter SteveC
  • Start date Start date
S

SteveC

I setup a CA with OpenSSL for Windows, and because "everything is a
file", it is easy for me to replicate the configuration to several
servers, letting clients hit any machine to get a cert issued, etc.

I am looking to do the same thing but this time only with the Win2K
Certificate Services. It seems like there can only be one system with
ultimate authority, giving a real problem if that host goes offline
for any reason. I think I missed something.....

Are there any docs/pointers out there for setting up fully redundant
and replicated config Win2K CA's?

Thanks.
 
No, we don't support this - it would break things like common criteria
security requirements, etc.

The best solution is multiple enterprise CAs for redundancy.
 
Back
Top