Can a Microsoft enterprise Root CA be offline?

Guest
Archived from groups: microsoft.public.win2000.security

Hi everyone, sorry for my English.

Does anyone know if a Microsoft enterprise root certification
authority can be offline?

I have noticed that if the CA server is offline, the EAP-TLS clients
cannot be authenticated by the IAS server.

Isn't it supposed that the certificates are valid by themselves?
Why does the CA need to be available in order for the certificates to be
authenticated? Is there any redundancy scheme that could be used? If
the CA server fails, nobody would be able to access the network.

Thanks in advance.
 
Guest

In article <d51193cc.0410260952.50d69cc9@posting.google.com>,
izael.ochoa@reforma.com says...
> Hi everyone, sorry for my English.
>
> Does anyone know if a Microsoft enterprise root certification
> authority can be offline?
>
> I have noticed that if the CA server is offline, the EAP-TLS clients
> cannot be authenticated by the IAS server.
>
> Isn't it supposed that the certificates are valid by themselves?
> Why does the CA need to be available in order for the certificates to be
> authenticated? Is there any redundancy scheme that could be used? If
> the CA server fails, nobody would be able to access the network.
>
> Thanks in advance.
>
No. To be an offline CA, the root CA must be installed as a Standalone
Root CA. Please see the best practices whitepaper:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/maintain/operate/ws3pkibp.asp


Brian