The preferred method
Microsoft best practice is to install a standalone root CA with an enterprise subordinate CA. The Standalone can then be isolated offline for enhanced security while the subordinate takes over issuing certificates.
The following videos gives a short demo of installing two CAs using server 2003 … it is a good starting point for his 2008 videos.
Microsoft CA 1 of 2 - Setup Standalone Root
Microsoft CA 2 of 2 - Enterprise Subordinate
The following video gives a short demo of CA autoenrollment using server 2003.
Microsoft CA - Autoenrollment Step-by-Step
In reality a single tier
While it is best practice to have two CAs … see above … in many instances you may only have one server at your disposal.
Single Tier PKI one CA that does all the issuing of certificates aimed at small business of up to 300.
Certificate Services 2008 R2 - Installing a Single Tier PKI
SSL in depth
Certificate Services 2008 1 of 4 - Installing a Microsoft CA
Certificate Services 2008 2 of 4 - Implementing a SSL Certificate
Certificate Services 2008 3 of 4 - Binding the SSL Certificate
Certificate Services 2008 4 of 4 - SSL Under the hood
Certificate Services 2008 1 of 2 - Autoenrollment (concept)
Certificate Services 2008 2 of 2 - Autoenrollment Step By Step
No comments:
Post a Comment