AD Certificate Services

  • Thread starter: UgTI (Guest)
Hi


I'm following "Design Considerations before Building a Two Tier PKI Infrastructure"


A bit confused on points:

Certification Authority Planning:

1.d. Root CA: Determine if the CRL and AIA are published in Active Directory or a web site that can be accessed internally and externally.


1.i. Determine the AIA and CDP distribution points for each CA. This step is very critical because these locations are hard coded in each certificate issued by the CA, and will not get updated unless the certificate is renewed.


Are these not the same points?


Best practice is to publish to HTTP - so I will build a new IIS server for this independent of the Root and Sub CA servers.

I will then change my protocol order to HTTP - LDAP - File.

All publishing will be automatic?
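
As an added example (not part of the original post or of the guide it quotes), the script below decodes a CDP list in the `<flags>:<location>` form used by the CA's `CRLPublicationURLs` registry value. It separates the locations the CA writes CRLs to from the URLs that get embedded in issued certificates, and notes HTTP entries, which a CA can embed but cannot write to. The host names, the UNC share and the chosen flag combinations are constructed for illustration.

```powershell
# Added example; host names and the UNC share are constructed placeholders.
# Each entry uses the "<flags>:<location>" form of the CRLPublicationURLs value.
$CrlPublicationUrls = @(
    '65:C:\Windows\System32\CertSrv\CertEnroll\%3%8%9.crl'
    '65:\\web01.corp.example\pki$\%3%8%9.crl'
    '6:http://pki.corp.example/pki/%3%8%9.crl'
    '79:ldap:///CN=%7%8,CN=%2,CN=CDP,CN=Public Key Services,CN=Services,%6%10'
)

# Flag bits that matter for this question.
$Publish      = 0x01   # CA writes the base CRL to this location
$InCertCdp    = 0x02   # location is embedded in the CDP extension of issued certificates
$PublishDelta = 0x40   # CA writes delta CRLs to this location

function Get-CdpPlan {
    param([string[]]$Entries)
    foreach ($entry in $Entries) {
        # Split on the first colon only: drive paths and URLs contain colons too.
        $flags, $location = $entry -split ':', 2
        $flags    = [int]$flags
        $caWrites = [bool]($flags -band ($Publish -bor $PublishDelta))
        $isHttp   = $location -match '^https?://'

        $note = ''
        if ($isHttp -and $caWrites) {
            $note = 'CA cannot write over HTTP; publish to a file or UNC path served by this URL'
        } elseif ($isHttp) {
            $note = 'retrieval only; the CRL must reach the web server by a file/UNC publish or a copy'
        }

        [pscustomobject]@{
            Location     = $location
            CaWritesHere = $caWrites
            InIssuedCert = [bool]($flags -band $InCertCdp)
            Note         = $note
        }
    }
}

$plan = Get-CdpPlan -Entries $CrlPublicationUrls
$plan | Format-List

# Locations embedded in certificates, in the order clients will try them.
$plan | Where-Object InIssuedCert | Select-Object -ExpandProperty Location
```

With an offline root CA, the file or UNC publish step cannot reach the web server, so the CRL and CA certificate have to be copied there by hand after each publication.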
