Public Key Infrastructure

Discussion in 'Wireless Networking' started by Rhyd911, Sep 12, 2005.

  1. Rhyd911

    Rhyd911 Guest

    I am going down the path of designing a PKI.

    Initially it will be used to provide SSL for OWA and Citrix but will be
    used for secure logon to AD in the future.

    The architecture I have come up with after some reading is to install a
    Stand-Alone Root CA, publish the CRL and Root Certificate to AD, then
    install an Enterprise Subordinate Issuing CA to provide the secure AD
    function for the internal users. The Stand-Alone Root would then be
    secured off the network.

    I would then have another Stand-Alone CA in the DMZ to provide the
    certificates for SSL and any future VPN requirements from external
    parties.

    Does this sound reasonable to the CA knowledgeables out there? Also I
    had intended for the DMZ CA to be another Stand-Alone Root but have
    read articles stating that this could also be a subordinate Stand-Alone
    CA.

    TIA,
    R.
     
    Rhyd911, Sep 12, 2005
    #1