Share certificate services between two domains

Posted by haxier on September 19, 2007, 1:28 am
Hi all!

Scenario: two independent W2k3 domains(A, B), with a bidirectional
trust relationship.

The first domain (A), with a w2k3 Enterprise DC has a computer with
W2k3 Enterprise and Certificate Services installed, so we have our own
Enterprise CA and use it for smart card logon and other things. Now
the CA is integrated with the (A) domain AD, but I can make it a
Standalone CA.

The second domain (B) DC is a W2k3 Standard, so we don't have
Certificate Services there.

¿Can the second domain use the CA services of the first domain? The
goal is to have users and servers of each domain
¿Can one CA work with the two domains in a transparent manner so
certificates go to the right AD? This could be cool.

I know I can install a second W2k3 Enterprise and have two CAs, one for
each domain but my budget isn't high so I must stick only with one
w2k3 Enterprise.

Thanks


Posted by Brian Komar on September 19, 2007, 6:26 am
It comes down to your forest design. If the two domains are in the same
forest, then yes, the enterprise CA can process requests from both domains.
If not, then you need enterprise edition for the CAs in both forests.
Brian

Posted by haxier on September 20, 2007, 7:56 am
> It comes down to your forest design. If the two domains are in the same
> forest, then yes, the enterprise CA can process requests from both domains.
> If not, then you need enterprise edition for the CAs in both forests

Thanks.

My goal is to allow users to make smart card logon with certificates from
the /local/ CA and an external CA. I know that with a Standalone CA I
can create certificates for users with arbitrary names
(user1@domain1.com, user2@domain_xy.com, etc) and use them to perform
smart card logon, but a Standalone CA cannot create certificates with
the template "Smart card logon"; these certificates are available only
in an Enterprise CA.

¿How can I accomplish this?

Thanks

