- PKI
- Posted by p.o on March 23rd, 2007
Hi
I've instaled enterprise root ca, and remote access authenticated via cert.
I want to implement PKI from the beginig. What should I do to preserve remote
acces.
I plans to install root ca and one subordinate. Could work two root ca's in
organization.
Could you give me some advice how to implement PKI.
- Posted by Brian Delaney [MSFT] on March 28th, 2007
Hi,
There's really not enough information here. How exactly are you using PKI
for remote access? Do all the users have their own certificate? Are you
using smart cards?
Generally speaking the quickest way to move to a new PKI is to plan and
build the new PKI and reissue all certs from the new CA. If you are
looking for an easier way then run the two roots at the same time using the
new PKI for all new/renewed certs while the old PKI only to republish CRLs,
revoke certs, etc.
Either way, spend some serious time planning the new PKI to ensure you get
it right. Check out www.microsoft.com/pki. Also, I'd recommend engaging
one of the groups at Microsoft to review and assist you with your PKI
design and implementation.
Hope this helps,
Brian Delaney
Microsoft Canada
--
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
- Posted by p.o on March 28th, 2007
I'm using my pki to smartcard users, they have using it to remote access.
I've about 400 individual certs sa I can't renew all at one time. I'm also
using my pki to sign sll cert.
Thanks
"Brian Delaney [MSFT]" wrote:
- Posted by Brian Delaney [MSFT] on March 29th, 2007
If reissuing the certificates all at once is not an option which with many
smart card users it likely is not, the best option may be to run the old
and new PKI infrastructure simultaneously. As certificates require
renewal, issue them from the new PKI.
Hope this helps,
Brian Delaney
Microsoft Canada
--
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
