Easy question on PKI, 2 level hierarchy design

Discussion in 'Security Software' started by Marlon Brown, Dec 4, 2006.

  1. Marlon Brown

    Marlon Brown Guest

    I need to issue internal certs for web servers and other applications in the
    future.

    If I set up a 2-level hierarchy (Win2003 domain, MS PKI solution), I imagine I
    would use 2 servers without warranty (P4 1GB CPU, 2GB RAM), 3-year-old Dell
    servers, for the OFFLINE ROOT CA.

    I understand that I would keep the OFFLINE ROOT CAs shut down and secured.

    Can you confirm on what occasions I would need to bring those OFFLINE ROOT
    CAs online again?
     
    Marlon Brown, Dec 4, 2006
    #1

  2. You need to bring them up to:
    - Issue updated CRLs at regular intervals defined at the CA
    - Issue new subordinate CA certificates
    - Renew existing subordinate CA certificates
    - Revoke existing subordinate CA certificates

    Brian
     
    Brian Komar [MVP], Dec 5, 2006
    #2