IIS and enterprise sub CA on different machines

The Brian Komar texts imply that the enterprise subordinate CA (i.e. issuing CA) needs to reside on the same machine as IIS. From a security perspective, this seems like a poor design. From a network standpoint, it means I have to support multiple IIS servers in my LAN.

Neither is acceptable. I would like to utilize my existing IIS server (not on issuing CA) to provide certificate enrollment. Adding the virtual directories seems to be pretty simple, then adding pointers from the CA to the IIS server.

Is there anything I am missing? If someone has a good reference or web link on how to set up using this scenario, much appreciated.

Edward W. Ray
CISSP, MCSE+Security, GCIA, GCIH

Hi,

A little confused about what you want to accomplish here. Are you talking about the CA's web enrolment functionality? You can "recreate" the virtual directories on any IIS box, but how exactly is that IIS box going to provide the ability to submit cert requests if it doesn't have Certificate Services installed? I know you mentioned "adding pointers from the CA to the IIS server", but that doesn't really make a lot of sense to me...

Cheers
Ken

"Edward Ray" <ewray@newsgroup.nospam> wrote in message news:O1xRVuDVGHA.1688@TK2MSFTNGP11.phx.gbl...
: The Brian Komar texts imply that the enterprise subordinate CA (i.e.
: issuing CA) needs to reside on the same machine as IIS. From a security
: perspective, this seems like a poor design. From a network standpoint, it
: means I have to support multiple IIS servers in my LAN.
:
: Neither is acceptable. I would like to utilize my existing IIS server (not
: on issuing CA) to provide certificate enrollment. Adding the virtual
: directories seems to be pretty simple, then adding pointers from the CA to
: the IIS server.
:
: Is there anything I am missing? If someone has a good reference or web link
: on how to set up using this scenario, much appreciated.
:
: Edward W. Ray
: CISSP, MCSE+Security, GCIA, GCIH

Hi Edward,

Thanks for your post! From your description, you want to reside the CA site from the CA server. If I have misunderstood anything, please let me know.

As far as I know, there are no specifications relating to the current issue. However, I think the way you mentioned is one workaround. According to your words, adding a pointer to the CA server via IIS is simple. Like Ken, I also have a little confusion about the "enrollment functionality". Could you please give me more details about the current statement?

I appreciate your understanding!

Regards,
Yuan Ren
Microsoft Online Community Support

==================================================
When responding to posts, please "Reply to Group" via your newsreader so that others may learn and benefit from your issue.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights