PKI: choosing an enrollment method advice

Discussion in 'Security Software' started by Marlon Brown, Jan 22, 2007.

  1. Marlon Brown

    Marlon Brown Guest

    I will be deploying a Two-Tier hierarchy PK infrastructure solution.

    Initially we will be using the solution to issue certificates for about 5
    web/application servers operate using SSL.

    Let's say I have total of 100 Windows XP clients connecting to such 5
    web/application servers. My network has about 5,000 WinXP clients which
    should use certs from my PKI to operate secure wireless connections, VPN,
    etc. Please note that right now my goal is to address and protect
    connections to the internal application servers.

    My question is, what type of enrollment method should I use ? I am planning
    to deploy (2) servers dedicated for Enterprise CA. I am not sure whether I
    should play with manual enrollment or play with group policies, scripts,
    etc.

    Any advice?
     
    Marlon Brown, Jan 22, 2007
    #1
    1. Advertisements

  2. It all depends on assurance levels that you require. If providing account and password is
    sufficient, then autoenrollment is definitely the way to go. If you require face-to-face,
    then you need to look at an RA, such as Certificate Lifecycle Manager (www.microsoft.com/clm)
    Brian
     
    Brian Komar [MVP], Jan 23, 2007
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.