| trebor 2001-09-09, 12:53 pm |
| Wow. I just got my nose out of a book and am looking around for some practice tests and all I find are answers. I don't want to be judgemental but I don't even know what the questions are.
One answer I came across raised an interesting question that I am wondering about and it is that it is recommended that an enterprise root CA (which requires AD) should be taken offline. On the other hand it says in the MS Knowledge Base:
"An enterprise root requires access to the Active Directory, which is unavailable if the server is disconnected from the network. You should not install an enterprise root on an offline domain controller."
What is the answer to this paradox?
trebor | |
| JohnnyBeGood 2001-09-10, 5:14 pm |
| Taking an enterprise root CA offline is a good idea because once your issuing and subordinate CAs are up and running and have received certificates from the enterprise root, there is no need to compromise the security of the root. If someone (something) does compromise it or it goes down, then the subs and issuing CAs become compromised too. | |
| trebor 2001-09-15, 3:38 am |
| So let's see, AD must be present when the server is made into a CA. Then you pull out the network cable so that the enterprise root cannot be compromised.
Is the enterprise root CA still an object in AD when it isn't even part of the network?
Trebor |