can a microsoft enteprise Root CA be offline?

I

izael

Hi everyone, sorry my english

Does anyone know if a microsoft enterprise root certification
authority can be offline?

I have notice that if the CA server is offline, the EAP-TLS clients
cannot be authenticated by the IAS server.

Isn´t it suppose that the the certificates are valid by them selfs?
why does the CA needs to be available in order to the certificates be
authenticated?, is there any redundancy squeme that could be used?, if
the Ca server fails, nobody would be able to acces the network

thaks in advance
 
B

Brian Komar

Hi everyone, sorry my english

Does anyone know if a microsoft enterprise root certification
authority can be offline?

I have notice that if the CA server is offline, the EAP-TLS clients
cannot be authenticated by the IAS server.

Isn=3Ft it suppose that the the certificates are valid by them selfs?
why does the CA needs to be available in order to the certificates be
authenticated?, is there any redundancy squeme that could be used?, if
the Ca server fails, nobody would be able to acces the network

thaks in advance
Click to expand...
No. To be an offline CA, the root CA must be installed as a Standalone
Root CA. Please see the best practices whitepaper:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/maintain/
operate/ws3pkibp.asp


Brian
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

EAP-TLS with a standalone CA 2
Offline Root CA - AutoEnrollment 4
Why enterprise root CA automatically isue certificates. 5
CA Problems 6
Offline Root Certificate Server and subordinate CA 5
EFS Auto enroll 0
Isolation of the Root CA 6
Windows 2003 Enterprise CA & Restored State 1

Top