Archived from groups: microsoft.public.win2000.security (More info?)
Hi,
I have just had to install Windows 2000 Certificate services and setup
a two-machine CA for our company. While the installation has gone
without a hitch, I am left with two machines which do not act as i had
expected and it is probably my understanding of the system which is at
fault.
I wonder if someone with more experience of this stuff could help me
out here?
I have a CA root server (Active Directory) and a CA Subordinate server
(Active Directory).
I can connect to both through the web interface and request and get
new certificates which can be successfully installed into Internet
Explorer.
Question 1:
As I understand it, I am supposed to do all my requests on the
subordinate server and leave the CA root alone. However, If I do this
then the CA Root server only ever shows (in the past 48 hours at
least), the certificates which were issued directly from itself. It
does not show the certificates issued or revoked or failed which were
produced as a result of requests from the subordinate server.
Should activity on the CA subordinate server not be reflected in the
CA Root server (as it is the ultimate controller of this system)?
Question 2:
I have exported a certificate and imported it into Outlook 2002. It
(Outlook) is capable of sending signed messages and recognising signed
messages sent from a different account as signed.
It fails completely with any attempt to encrypt a message and send it
to a user account which has already sent a signed message. I get a
warning that there is a problem with the other persons certificate and
that it is not trusted.
Question 3:
There are alot of options for what type of encryption I want when I
request a certificate. Can someone tell me what the best all round
secure setting is when requesting a certificate through the "request
form"?
Thanks for the help here.
Hi,
I have just had to install Windows 2000 Certificate services and setup
a two-machine CA for our company. While the installation has gone
without a hitch, I am left with two machines which do not act as i had
expected and it is probably my understanding of the system which is at
fault.
I wonder if someone with more experience of this stuff could help me
out here?
I have a CA root server (Active Directory) and a CA Subordinate server
(Active Directory).
I can connect to both through the web interface and request and get
new certificates which can be successfully installed into Internet
Explorer.
Question 1:
As I understand it, I am supposed to do all my requests on the
subordinate server and leave the CA root alone. However, If I do this
then the CA Root server only ever shows (in the past 48 hours at
least), the certificates which were issued directly from itself. It
does not show the certificates issued or revoked or failed which were
produced as a result of requests from the subordinate server.
Should activity on the CA subordinate server not be reflected in the
CA Root server (as it is the ultimate controller of this system)?
Question 2:
I have exported a certificate and imported it into Outlook 2002. It
(Outlook) is capable of sending signed messages and recognising signed
messages sent from a different account as signed.
It fails completely with any attempt to encrypt a message and send it
to a user account which has already sent a signed message. I get a
warning that there is a problem with the other persons certificate and
that it is not trusted.
Question 3:
There are alot of options for what type of encryption I want when I
request a certificate. Can someone tell me what the best all round
secure setting is when requesting a certificate through the "request
form"?
Thanks for the help here.
Facebook
Twitter
Instagram