Click here to get back home

Certs in non-domain environment:
 HomeNewsGroups | Search | About
Login Password
Register Now!
 microsoft.public.windows.server.security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
Certs in non-domain environment: Kristin Griffin 01-24-2008
Posted by Kristin Griffin on January 24, 2008, 12:51 pm
Please log in for more thread options
 Hi there.

I have been learning about PKI and AD CS. And there is alot of material
about using active Directory to hand out certs.
But what if you were in a non-domain environment. How would 2 companies use
each other's certs? Let's say that company A and company B each had AD CS
running on standalone machines. Let's say they each were part of a
workgroup instead of a domain.

In order to use each other's certts, would they need to manually exchange
certs, put them each other's cert store, and also exchange the Root CA cert
and put that in the certificate store (in two places I think)?

Or am I thinking about this all wrong?

Thanks for your help.

Kristin



Posted by Mark Burnett on January 31, 2008, 3:34 pm
Please log in for more thread options
 Correct, you would store each other's certs (and the certs that sign those
certs) in each other's store. Another option, if you don't already have PKI
in place, is to use free certs from cacert.org and have them as the CA.


Mark Burnett


> Hi there.
>
> I have been learning about PKI and AD CS. And there is alot of material
> about using active Directory to hand out certs.
> But what if you were in a non-domain environment. How would 2 companies
> use
> each other's certs? Let's say that company A and company B each had AD CS
> running on standalone machines. Let's say they each were part of a
> workgroup instead of a domain.
>
> In order to use each other's certts, would they need to manually exchange
> certs, put them each other's cert store, and also exchange the Root CA
> cert
> and put that in the certificate store (in two places I think)?
>
> Or am I thinking about this all wrong?
>
> Thanks for your help.
>
> Kristin
>
>


Similar ThreadsPosted
Child domain laptops autoenrolling user certs but not computer certs May 21, 2008, 4:19 pm
Problem with Machine Certs being used as User Certs June 15, 2005, 7:06 am
setting up 2-Tier CA Environment July 14, 2005, 3:36 pm
PKI in multi sites/domains environment December 10, 2007, 12:29 pm
Fine-grained Entitlement Management in SOA Microsoft Environment September 26, 2007, 9:53 pm
machine password expiration in the 2003 domain environment April 14, 2008, 10:57 am
Viewing CMOS\BIOS settings in MS Server 2003 GUI environment June 3, 2006, 3:14 am
Windows Vista Group Policies in a Server 2003 SP1 Domain environment May 11, 2007, 9:21 am
Self-signed certs for FTP October 10, 2006, 7:07 pm
CA configuration to publish certs in AD October 2, 2006, 9:42 am

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap