Public Key Infrastructure

Discussion in 'Wireless Networking' started by, Sep 12, 2005.

  1. Guest

    I am going down the path of designing a PKI.

    Initially it will be used to provide SSL for OWA and Citrix but will be
    used for secure logon to AD in the future.

    The architecture I have come up with after some reading is to install a
    Stand-Alone Root CA, publish the CRL and Root Certificate to AD, then
    install an Enterprise Subordinate Issuing CA to provide the secure AD
    function for the internal users. The Stand-Alone Root would then be
    secured off the network.

    I would then have another Stand-Alone CA in the DMZ to provide the
    certificates for SSL and any future VPN requirements from external

    Does this sound reasonable to the CA knowledgeables out there? Also I
    had intended for the DMZ CA to be another Stand-Alone Root but have
    read articles stating that this could also be a subordinate Stand-Alone

    , Sep 12, 2005
    1. Advertisements

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.

Share This Page