Can you explain your reasoning why you think you should never use Microsoft
CA? If there are good reasons I would like to know before we deploy.
We are planning to use 2000 Advanced Server with SCEP to scale our IPSEC on
the routers. We will secure by having the root CA off-line and walking the
ROOT Cert to the RA. Also, the CA cert will remain pending until the
security admin issues it to the router. As well a password is required to
get the cert from the RA, and you cannot get the password without proper
authentication to the website that issues same.
----- Original Message -----
From: "Jason1" <[EMAIL PROTECTED]>
To: "Chris Larson" <[EMAIL PROTECTED]>; "Jim Bond" <[EMAIL PROTECTED]>;
<[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Wednesday, September 20, 2000 5:31 PM
Subject: Re: CA in IPSec
> I don't think you should ever use MS CA unless your organisation is very
> small and you are very sure that you will never have to cross-certify.
Also,
> you will have to determine what you mean by access the corporate network,
do
> you mean through web or through normal NT RPC protocol . If so, what
version
> of NT are you using ? I'm using that if you are even a bit concern about
> security, then WIN9X is out of the question.
>
>
>
> ----- Original Message -----
> From: "Chris Larson" <[EMAIL PROTECTED]>
> To: "Jim Bond" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> Cc: <[EMAIL PROTECTED]>
> Sent: Wednesday, September 20, 2000 5:47 AM
> Subject: Re: CA in IPSec
>
>
> > Microsoft Advance Server has a CA and the resource kit has the SCEP
> (simple
> > cert enrollment protocol) developed by Cisco. You can use this as a root
> CA
> > for your orginaztion (or outside your enterprise) to issue certificates
to
> > the routers, the Cisco VPN client and the 2000 boxes
> >
> >
> > ----- Original Message -----
> > From: "Jim Bond" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Cc: <[EMAIL PROTECTED]>
> > Sent: Wednesday, September 20, 2000 1:49 AM
> > Subject: CA in IPSec
> >
> >
> > > Hello,
> > >
> > > Is there a way to enroll a PC to CA so we can make
> > > sure users only use this system to get into corporate
> > > network from Internet?
> > >
> > > Thanks in advance.
> > >
> > >
> > > Jim
> > >
> > > __________________________________________________
> > > Do You Yahoo!?
> > > Send instant messages & get email alerts with Yahoo! Messenger.
> > > http://im.yahoo.com/
> > >
> > > **NOTE: New CCNA/CCDA List has been formed. For more information go to
> > > http://www.groupstudy.com/list/Associates.html
> > > _________________________________
> > > UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
> > > FAQ, list archives, and subscription info: http://www.groupstudy.com
> > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> > >
> >
> > _______________________________________________________
> > To unsubscribe from the CCIELAB list, send a message to
> > [EMAIL PROTECTED] with the body containing:
> > unsubscribe ccielab
> >
>
>
**NOTE: New CCNA/CCDA List has been formed. For more information go to
http://www.groupstudy.com/list/Associates.html
_________________________________
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
