Certificate Web Enrollment



We are designing a Windows 2003 PKI. We are trying to decide whether
to place certificate web enrollment on the web farm or on dedicated

The only thing currently holding us back from hosting web enrollment
from our web farm is that we will have to trust all the web farm
servers for delegation. Currently, all web farm servers have the
"Trust computer for delegation" unchecked. What security issues arise
once the computer is delegated? I have been unable to find details on

Convincing the web area to allow this to be checked when right next to
the check box for this setting there is an exclamation sign and a
statement saying "This security-sensitive option..." will require an
explanation of why this is a security-sensitive option and whether
there is some risk involved. Could anyone provide some insight into
what possible vulnerabilities delegating a computer for delegation
opens up?

Does anyone have any other reasons why/why not to host web enrollment
from our web farm rather than dedicated servers?


