PKI Security Issues and Concern

Archived from groups: microsoft.public.win2000.security

Hello Microsoft Gurus,

I have several questions regarding MS Certificate
Authorities deployment.

Question 1. Can the stand alone CA be used to perform
certificate life cycle duties for internet based Web
browser users?

Question 2. How are code signing certs requested,
generated, and delivered via MS Certificate Services?

Question 3. Can Cert Services generated keys be used for
signature generation with Java's JCE (Java Crypto
Environment)?

Question 4. Can the subordinate CA reject cert requests
based on their internet based origin?

Ans. 1:
Ans. 2:
Ans. 3:
Ans. 4:

Thank you very much.
  1. Archived from groups: microsoft.public.win2000.security

    "JUN Framil" <junframil@ayalasystems.com> wrote in message
    news:0e0501c47b25$b0bbf190$a501280a@phx.gbl...
    > Hello Microsoft Gurus,
    >
    > I have several questions regarding MS Certificate
    > Authorities deployment.
    >
    > Question 1. Can the stand alone CA be used to perform
    > certificate life cycle duties for internet based Web
    > browser users?
    >
    > Question 2. How are code signing certs requested,
    > generated, and delivered via MS Certificate Services?
    >
    > Question 3. Can Cert Services generated keys be used for
    > signature generation with Java's JCE (Java Crypto
    > Environment)?
    >
    > Question 4. Can the subordinate CA reject cert requests
    > based on their internet based origin?
    >
    > Ans. 1:
    > Ans. 2:
    > Ans. 3:
    > Ans. 4:
    >
    > Thank you very much.
    I am not a guru, but have some experience with Windows Server 2003
    Certificate Authority:

    Can you elaborate on question 1? It usually will be necessary to download
    a copy of the CA public key certificate into the trusted CA portion of the
    client's certificate store in order to validate any certificate generated
    by the CA. This can be a pain.

    W.R.T. 3, you probably will have to export both the certificate and
    private key in pkcs12 format into the JCE key store.

    W.R.T. 4, the registration authority could reject mailed requests for
    certificates based on the source of the request. Or a firewall could keep
    out internet requests of all sorts from a given IP address or a machine
    not part of the domain.
    Ed
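
The PKCS#12 route mentioned for question 3, as an added Java example that is not part of the original thread: it loads a certificate and private key exported from Windows as a .pfx file, signs a constructed message, and verifies the signature with the certificate's public key. Assumptions: the file path is passed as the first argument, the export password is in a hypothetical `PFX_PASSWORD` environment variable, and the key is RSA.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.util.Collections;

public class PfxSignDemo {
    public static void main(String[] args) throws Exception {
        // Assumptions: args[0] is the exported .pfx/.p12 path; PFX_PASSWORD is a
        // hypothetical environment variable holding the export password.
        String env = System.getenv("PFX_PASSWORD");
        if (args.length != 1 || env == null) {
            System.err.println("usage: PFX_PASSWORD=... java PfxSignDemo <file.pfx>");
            System.exit(2);
        }
        char[] password = env.toCharArray();
        // Windows .pfx files are PKCS#12, which the JDK reads directly.
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, password);
        }
        // Pick the first entry that carries a private key, not just a certificate.
        String alias = null;
        for (String a : Collections.list(ks.aliases())) {
            if (ks.isKeyEntry(a)) { alias = a; break; }
        }
        if (alias == null) throw new IllegalStateException("no private key entry in file");
        PrivateKey key = (PrivateKey) ks.getKey(alias, password);
        X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
        cert.checkValidity(); // throws if the certificate is expired or not yet valid
        if (!"RSA".equals(key.getAlgorithm())) throw new IllegalStateException("example assumes RSA");

        byte[] data = "constructed sample message".getBytes(StandardCharsets.UTF_8);
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(key);
        signer.update(data);
        byte[] sig = signer.sign();

        // Verify with the public key bound into the CA-issued certificate.
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(cert.getPublicKey());
        verifier.update(data);
        System.out.println("subject: " + cert.getSubjectX500Principal().getName());
        System.out.println("signature verifies: " + verifier.verify(sig));
    }
}
```

A "no private key entry" failure means the certificate was exported without its key, which happens when the key was marked non-exportable at enrollment.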