Windows Certificate Authority

[Kenny Low]

Dear all,

I just set up a server with MS certificate services to act
as my certificate authority and my intention is issue more
certificates to my clients(internet users) (which do not
have IIS installed), can I do this ? If yes. what is the
concept look like and step by step guides.

Thank you in advance.

Kenny

 

[Shawn Rabourn \(MS\)]

Hi Kenny,

If you are in a Windows 200x domain, you will benefit from installing an
Enterprise CA. The following links serve as a comprehensive beginning set
of documentation about administering a CA and should answer most of your
questions.

http://www.microsoft.com/pki

http://www.microsoft.com/windowsxp/pro/techinfo/planning/pkiwinxp/default.asp

Best Practices:

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/maintain/operate/ws3pkibp.asp

Operations guide --

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/maintain/operate/ws03pkog.asp

Let us know if you need anything else. I would like to know what all you
are trying to accomplish so I can help you out some more in depth.



--Shawn
This posting is provided "AS IS" with no warranties and confers no rights.

 

[kenny low]

Hi Shawn,

Thank you for your reply, refer to the article no.
Q231881, it stating that Enterprise CA is issueng
certificates to users inside a corporation or a windows
2000 domain and Stand-alone CA is issuing to users outside
of an organization. My CA server is place on a DMZ now and
it also act as a authentication server. As a result,I
think should select the Stand-alone CA, is all this
practise can apply to this relevant infrastructure ?

Thank you in advance.

Kenny Low

 

[Shawn Rabourn \(MS\)]

You can always subordinate an enterprise CA in your domain to the standalone
CA in your DMZ.

The links below talk in depth about this.


--Shawn
This posting is provided "AS IS" with no warranties and confers no rights.