cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

PKI Implementation

Ed Gallagher
Brass Contributor

‎Nov 20 2018 08:34 PM - last edited on ‎Feb 19 2021 04:56 AM by

‎Nov 20 2018 08:34 PM - last edited on ‎Feb 19 2021 04:56 AM by

PKI Implementation

I'm implementing a two tier, offline Root CA, PKI for a small client with need for some "proper" security. Since it is a small business, I'm trying to reduce server count to keep maintenance and licensing costs down.
So I'm wondering what else would be reasonable to run on the same VM as the Enterprise CA.
Since I am also going to implement AAD Connect, are there any issues/risks associated with running AAD Connect and the Enterprise CA on the same server?
Any other thoughts or ideas?
Thanks

Labels:
1,300 Views
0 Likes
2 Replies
Reply
2 Replies
Petri Aalto

‎Nov 23 2018 05:16 AM

‎Nov 23 2018 05:16 AM

Re: PKI Implementation

IMO, I will keep Certificate servers always separately from other roles while you also have to think how to publish CRL list for example to Internet if there is a need. Secondly if something happens there is a risk how the renew all certificates in the client side where the users interuption shows a major thing if they cannot for example sign in to Network while the IEEE802.1x does not work.

 

Petri

 

1 Like
Reply
Simon Day

‎Dec 07 2018 01:22 AM

‎Dec 07 2018 01:22 AM

Re: PKI Implementation

If the customer has a small team and is not very process orientated it may make sense to dis regard the "offline" RootCA. This may seem counter intuitive but it requires additional disciplined processes for management and maintenance and it's value is limited unless it is genuinely offline and is never connected to a network.

0 Likes
Reply