PKI CRL LDAP location exposes infos about internal DS structure toexternal customers

Reinhard Henke · Mar 8, 2008

I want to set up a 2 tier PKI based on W2K3. The issuing CA is AD
integrated. Certificates are also to be provided to external customers
for secure web transactions.

Unfortunately, the LDAP URL in the CRL extensions exposes details about
the internal AD structure and NB-name of the CA. I read about LDAP
translation but couldn't find any info on how to implement that.

How can I obscure these details on the internal AD structure?
How critical would you value keeping these details in the CRLs?
Microsoft themselves advise in their design documents to obscure it but
unfortunately don't tell how...

You help is really appreciated.

Reinhard

Tony Toews [MVP] · Mar 9, 2008

Reinhard Henke said:
You help is really appreciated.

Regretfully this is a newsgroup for security within Microsoft Access.

Tony
--
Tony Toews, Microsoft Access MVP
Please respond only in the newsgroups so that others can
read the entire thread of messages.
Microsoft Access Links, Hints, Tips & Accounting Systems at
http://www.granite.ab.ca/accsmstr.htm
Tony's Microsoft Access Blog - http://msmvps.com/blogs/access/

CRL and AIA CDP in certificates exposes internal AD configuration information	2	May 3, 2004
Recommendations about 2-tier PKI, OIDs and CAPolicy.inf file	2	May 10, 2004
Explained: Re-shipment scams (work at home) and what they do when theyhave your credit-card info	0	Jul 12, 2005
Brief summary: Windows Server 2003/XP Resource Kit Tools	1	Jan 19, 2004
Asp.net Important Topics.	0	Jan 18, 2007
"FWT Newsletter - Weekly - August 30, 2004	6	Sep 2, 2004
FWT Newsletter - Weekly - October 18, 2004	0	Oct 18, 2004
OpenOffice.Org Newsletter - Vol. 01 Issue 9	3	Mar 29, 2004

PKI CRL LDAP location exposes infos about internal DS structure toexternal customers

Reinhard Henke

Tony Toews [MVP]

Ask a Question

Similar Threads