Archived from groups: microsoft.public.win2000.security (More info?)
Ask him for exactly what purpose, as there are many certificates for
different uses. If he wants to use ipsec to encrypt traffic and use a
require ipsec policy on the application servers to restrict access, by
default kerberos will be used for computer authentication in a domain and
works very well. Otherwise certificates can be used for ipsec. It is not
that difficult to install a Certificate Authority, however users will have
to manually request certificates [in W2K] though computer certificates can
be issued by automatic request via Group Policy. The link below is for the
basics of setting up a CA. --- Steve
"Marlon Brown" <email@example.com> wrote in message
> Win2000SP4 AD domain.
> Application server admin requests that I install digital certificates in
> domain to make all Application servers more protected when being accessed
> from the internal network.
> I would like to double check and see implications and level of importance
> doing that ? Please advise if that is troublesome to implement.