RE: Certificate authority

2012-07-05 Thread jwalters
Thanks for the great comments.  I'll revisit the design with the vendor helping 
me implement the solution.  It seems clear that I should be using a commercial 
cert for the edge services - access.xyz.com, webcon.xyz.com, av.xyz.com.

In addition to the needs for my Lync installation, I had originally intended to 
use an internal CA to issue certs to company laptops and cell phones in the 
case where management chooses to want to limit access to outlook anywhere and 
activesync to only company issued devices.  Does that sound reasonable or is 
there a better way to limit access to such things to company issued devices 
should that be their whim?

Jim

From: William Robbins [mailto:dangerw...@gmail.com]
Sent: Wednesday, July 04, 2012 9:21 AM
To: NT System Admin Issues
Subject: Re: Certificate authority

I'd have to concur, especially if federating is in your Lync future.

Besides that if you are utilizing smart phones/3rd party software it's much 
easier to use certs from an already trusted external CA.  Otherwise you'll need 
to install Root CA chains on your devices for your internal CA.

We ended up using a hybrid of internal and external certs, but our internal PKI 
is mature, and we used 3rd party certs for all the Edge's.

 - Will

On Wed, Jul 4, 2012 at 11:04 AM, Brian Desmond br...@briandesmond.com wrote:
Why does installing Lync necessitate a CA? Just get the certs from a commercial 
CA.

Thanks,
Brian Desmond
br...@briandesmond.com

w - 312.625.1438 | c   - 312.731.3132

From: jwalt...@specservices.com [mailto:jwalt...@specservices.com]
Sent: Tuesday, July 03, 2012 5:49 PM

To: NT System Admin Issues
Subject: Certificate authority

We will be installing Microsoft Lync here very soon and I need to have a 
certificate authority running.  To date, we've not had a need to stand one up 
and from the research I've done, it seems there are a number of ways to go - 
three tier, two, standalone.

Our needs are for Lync, maybe some certs for some smart phones and some 
internal software we've written so it's not a complicated system from our 
perspective.  At least not for the short term.  I obviously don't want to do 
something that I'll regret later and was looking for some advice from others who
have traveled these roads and learned what to do, and what not to do.

From my research, I think a two tier system will work but I'm not real clear 
at this point how you have an offline CA (for security purposes) and 
subordinate CAs to hand out certs.  Still reading up on all that.

Am I overthinking all this as my Lync installer suggests?  He said that I 
should just install the certificate role on a DC and that would be that.  I 
think they might be better at installing and configuring Lync than they are at 
designing certificate authorities as my research indicates doing that is not 
the best way to go.

Can anyone share their experiences as time is short and I need to decide what 
CA to stand up.

Any advice would be appreciated.

Thanks

Jim


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Certificate authority

2012-07-05 Thread William Robbins
That's one way, but it could be circumvented.

You can just disable those features on the mailbox of folks you don't want
connecting:  http://technet.microsoft.com/en-us/library/bb125264.aspx

And you can maintain the ABQ list for devices that can/can't connect:
http://blogs.technet.com/b/exchange/archive/2010/11/15/3411539.aspx


 - Will


On Thu, Jul 5, 2012 at 8:17 AM, jwalt...@specservices.com wrote:

  Thanks for the great comments.  I’ll revisit the design with the vendor
 helping me implement the solution.  It seems clear that I should be using a
 commercial cert for the edge services - access.xyz.com, webcon.xyz.com,
 av.xyz.com.

 In addition to the needs for my Lync installation, I had originally
 intended to use an internal CA to issue certs to company laptops and cell
 phones in the case where management chooses to want to limit access to
 outlook anywhere and activesync to only company issued devices.  Does that
 sound reasonable or is there a better way to limit access to such things to
 company issued devices should that be their whim? 

 Jim 

 *From:* William Robbins [mailto:dangerw...@gmail.com]
 *Sent:* Wednesday, July 04, 2012 9:21 AM

 *To:* NT System Admin Issues
 *Subject:* Re: Certificate authority

 I'd have to concur, especially if federating is in your Lync future.

 Besides that if you are utilizing smart phones/3rd party software it's
 *much* easier to use certs from an already trusted external CA.  Otherwise
 you'll need to install Root CA chains on your devices for your internal CA.

 We ended up using a hybrid of internal and external certs, but our
 internal PKI is mature, and we used 3rd party certs for all the Edge's.

  - Will

 

 On Wed, Jul 4, 2012 at 11:04 AM, Brian Desmond br...@briandesmond.com
 wrote:

 *Why does installing Lync necessitate a CA? Just get the certs from a
 commercial CA. *

 *Thanks,*

 *Brian Desmond*

 *br...@briandesmond.com*

 *w – 312.625.1438 | c   – 312.731.3132*

 *From:* jwalt...@specservices.com [mailto:jwalt...@specservices.com]
 *Sent:* Tuesday, July 03, 2012 5:49 PM


 *To:* NT System Admin Issues

 *Subject:* Certificate authority

  

 We will be installing Microsoft Lync here very soon and I need to have a
 certificate authority running.  To date, we’ve not had a need to stand one
 up and from the research I’ve done, it seems there are a number of ways to
 go – three tier, two, standalone.

  

 Our needs are for Lync, maybe some certs for some smart phones and some
 internal software we’ve written so it’s not a complicated system from our
 perspective.  At least not for the short term.  I obviously don’t want to
 do something that I’ll regret later and was looking for some advice from
 others who have traveled these roads and learned what to do, and what not to
 do.

  

 From my research, I think a two tier system will work but I’m not real
 clear at this point how you have an offline CA (for security purposes) and
 subordinate CAs to hand out certs.  Still reading up on all that.

  

 Am I overthinking all this as my Lync installer suggests?  He said that I
 should just install the certificate role on a DC and that would be that.  I
 think they might be better at installing and configuring Lync than they are
 at designing certificate authorities as my research indicates doing that is
 not the best way to go.

  

 Can anyone share their experiences as time is short and I need to decide
 what CA to stand up.

  

 Any advice would be appreciated.

  

 Thanks

  

 Jim

  

RE: Certificate authority

2012-07-04 Thread Brian Desmond
Why does installing Lync necessitate a CA? Just get the certs from a commercial 
CA.

Thanks,
Brian Desmond
br...@briandesmond.com

w - 312.625.1438 | c   - 312.731.3132

From: jwalt...@specservices.com [mailto:jwalt...@specservices.com]
Sent: Tuesday, July 03, 2012 5:49 PM
To: NT System Admin Issues
Subject: Certificate authority

We will be installing Microsoft Lync here very soon and I need to have a 
certificate authority running.  To date, we've not had a need to stand one up 
and from the research I've done, it seems there are a number of ways to go - 
three tier, two, standalone.

Our needs are for Lync, maybe some certs for some smart phones and some 
internal software we've written so it's not a complicated system from our 
perspective.  At least not for the short term.  I obviously don't want to do 
something that I'll regret later and was looking for some advice from others who
have traveled these roads and learned what to do, and what not to do.

From my research, I think a two tier system will work but I'm not real clear 
at this point how you have an offline CA (for security purposes) and 
subordinate CAs to hand out certs.  Still reading up on all that.

Am I overthinking all this as my Lync installer suggests?  He said that I 
should just install the certificate role on a DC and that would be that.  I 
think they might be better at installing and configuring Lync than they are at 
designing certificate authorities as my research indicates doing that is not 
the best way to go.

Can anyone share their experiences as time is short and I need to decide what 
CA to stand up.

Any advice would be appreciated.

Thanks

Jim


Re: Certificate authority

2012-07-04 Thread William Robbins
I'd have to concur, especially if federating is in your Lync future.

Besides that if you are utilizing smart phones/3rd party software it's *much*
easier to use certs from an already trusted external CA.  Otherwise
you'll need to install Root CA chains on your devices for your internal CA.

We ended up using a hybrid of internal and external certs, but our internal
PKI is mature, and we used 3rd party certs for all the Edge's.

 - Will


On Wed, Jul 4, 2012 at 11:04 AM, Brian Desmond br...@briandesmond.com wrote:

  *Why does installing Lync necessitate a CA? Just get the certs from a
 commercial CA. *

 * *

 *Thanks,*

 *Brian Desmond*

 *br...@briandesmond.com*

 * *

 *w – 312.625.1438 | c   – 312.731.3132*

 * *

 *From:* jwalt...@specservices.com [mailto:jwalt...@specservices.com]
 *Sent:* Tuesday, July 03, 2012 5:49 PM

 *To:* NT System Admin Issues
 *Subject:* Certificate authority

 We will be installing Microsoft Lync here very soon and I need to have a
 certificate authority running.  To date, we’ve not had a need to stand one
 up and from the research I’ve done, it seems there are a number of ways to
 go – three tier, two, standalone.

 Our needs are for Lync, maybe some certs for some smart phones and some
 internal software we’ve written so it’s not a complicated system from our
 perspective.  At least not for the short term.  I obviously don’t want to
 do something that I’ll regret later and was looking for some advice from
 others who have traveled these roads and learned what to do, and what not to
 do.

 From my research, I think a two tier system will work but I’m not real
 clear at this point how you have an offline CA (for security purposes) and
 subordinate CAs to hand out certs.  Still reading up on all that.

 Am I overthinking all this as my Lync installer suggests?  He said that I
 should just install the certificate role on a DC and that would be that.  I
 think they might be better at installing and configuring Lync than they are
 at designing certificate authorities as my research indicates doing that is
 not the best way to go.

 Can anyone share their experiences as time is short and I need to decide
 what CA to stand up.

 Any advice would be appreciated.

 Thanks

 Jim

Re: Certificate authority

2012-07-04 Thread Steve Kradel
The Komar PKI book is excellent... I bought the paperback a year ago
for $28 -- it's rather strange to see the e-book at a premium over
this, and the paperback at 10x, but that aside it's a very fine guide
to understanding PKI generally and especially worthwhile to get how
Windows uses it, even if you have lots of experience with things like
PGP, OpenSSL CAs, etc.

--Steve

On Tue, Jul 3, 2012 at 7:17 PM, Kurt Buff kurt.b...@gmail.com wrote:
 No, you are not overthinking this.

 It's not extremely complicated, but it's very good to do all of your
 reading and get your ducks all in a row before you start this.

 I went with a two-tier installation - the root CA is a VM that's shut
 down and copied to a portable disk, and is not a member of the domain.

 Make sure that you note when your CRL expires, so that you can bring
 up your root CA in time to generate a new one.

 If you want to get more depth on the subject, I recommend this book
 (only available as an ebook, unfortunately):
 http://shop.oreilly.com/product/9780735625167.do

 Kurt

 On Tue, Jul 3, 2012 at 3:48 PM,  jwalt...@specservices.com wrote:
 We will be installing Microsoft Lync here very soon and I need to have a
 certificate authority running.  To date, we’ve not had a need to stand one
 up and from the research I’ve done, it seems there are a number of ways to
 go – three tier, two, standalone.



 Our needs are for Lync, maybe some certs for some smart phones and some
 internal software we’ve written so it’s not a complicated system from our
 perspective.  At least not for the short term.  I obviously don’t want to do
 something that I’ll regret later and was looking for some advice from others
 who have traveled these roads and learned what to do, and what not to do.



 From my research, I think a two tier system will work but I’m not real clear
 at this point how you have an offline CA (for security purposes) and
 subordinate CAs to hand out certs.  Still reading up on all that.



 Am I overthinking all this as my Lync installer suggests?  He said that I
 should just install the certificate role on a DC and that would be that.  I
 think they might be better at installing and configuring Lync than they are
 at designing certificate authorities as my research indicates doing that is
 not the best way to go.

 Can anyone share their experiences as time is short and I need to decide
 what CA to stand up.



 Any advice would be appreciated.



 Thanks



 Jim



Re: Certificate authority

2012-07-03 Thread Kurt Buff
No, you are not overthinking this.

It's not extremely complicated, but it's very good to do all of your
reading and get your ducks all in a row before you start this.

I went with a two-tier installation - the root CA is a VM that's shut
down and copied to a portable disk, and is not a member of the domain.

Make sure that you note when your CRL expires, so that you can bring
up your root CA in time to generate a new one.

If you want to get more depth on the subject, I recommend this book
(only available as an ebook, unfortunately):
http://shop.oreilly.com/product/9780735625167.do

Kurt

On Tue, Jul 3, 2012 at 3:48 PM,  jwalt...@specservices.com wrote:
 We will be installing Microsoft Lync here very soon and I need to have a
 certificate authority running.  To date, we’ve not had a need to stand one
 up and from the research I’ve done, it seems there are a number of ways to
 go – three tier, two, standalone.



 Our needs are for Lync, maybe some certs for some smart phones and some
 internal software we’ve written so it’s not a complicated system from our
 perspective.  At least not for the short term.  I obviously don’t want to do
 something that I’ll regret later and was looking for some advice from others
 who have traveled these roads and learned what to do, and what not to do.



 From my research, I think a two tier system will work but I’m not real clear
 at this point how you have an offline CA (for security purposes) and
 subordinate CAs to hand out certs.  Still reading up on all that.



 Am I overthinking all this as my Lync installer suggests?  He said that I
 should just install the certificate role on a DC and that would be that.  I
 think they might be better at installing and configuring Lync than they are
 at designing certificate authorities as my research indicates doing that is
 not the best way to go.

 Can anyone share their experiences as time is short and I need to decide
 what CA to stand up.



 Any advice would be appreciated.



 Thanks



 Jim




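The reminder above to note when the root CRL expires can be turned into a scheduled check. This is an added example, not part of the original thread: it reads thisUpdate/nextUpdate from a DER-encoded CRL (the .crl file published for the offline root) with only the Python standard library and reports whether it is time to bring the root CA up. The sample CRL, its issuer name, the 30-day lead time and the status strings are constructed assumptions, and the signature is not verified.

```python
from datetime import datetime, timedelta, timezone

TIME_TAGS = (0x17, 0x18)  # UTCTime, GeneralizedTime


def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length


def parse_time(tag, raw):
    """Decode an X.509 Time value (RFC 5280 profile: UTC with trailing 'Z')."""
    if tag not in TIME_TAGS:
        raise ValueError("expected UTCTime or GeneralizedTime")
    text = raw.decode("ascii")
    if tag == 0x17:  # two-digit year: 50-99 means 19xx, 00-49 means 20xx
        text = ("19" if int(text[:2]) >= 50 else "20") + text
    return datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)


def crl_update_times(crl_der):
    """Return (thisUpdate, nextUpdate or None) from a DER-encoded CRL."""
    tag, start, _ = read_tlv(crl_der, 0)        # CertificateList
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE; convert PEM to DER first")
    tag, pos, end = read_tlv(crl_der, start)    # tbsCertList
    if tag != 0x30:
        raise ValueError("tbsCertList is not a SEQUENCE")
    fields = []
    while pos < end:
        tag, vstart, vend = read_tlv(crl_der, pos)
        fields.append((tag, crl_der[vstart:vend]))
        pos = vend
    i = 1 if fields and fields[0][0] == 0x02 else 0   # version is optional (v1)
    i += 2                                      # skip signature algorithm, issuer
    if len(fields) <= i:
        raise ValueError("tbsCertList too short")
    this_update = parse_time(*fields[i])
    has_next = i + 1 < len(fields) and fields[i + 1][0] in TIME_TAGS
    next_update = parse_time(*fields[i + 1]) if has_next else None
    return this_update, next_update


def crl_status(crl_der, now, lead_days=30):
    """Classify the CRL: 'ok', 'renew' (inside the lead window) or 'expired'."""
    _, next_update = crl_update_times(crl_der)
    if next_update is None:
        return "no-next-update"
    if now >= next_update:
        return "expired"        # clients that check revocation now fail the chain
    if now >= next_update - timedelta(days=lead_days):
        return "renew"          # time to boot the offline root and publish a new CRL
    return "ok"


# --- constructed sample input (not a real CRL; the signature bytes are zeros) ---
def tlv(tag, content):
    """Minimal DER encoder used only to build the sample."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    length = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(length)]) + length + content


def build_sample_crl(this_update, next_update):
    alg = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d01010b")) + tlv(0x05, b""))
    cn = tlv(0x06, bytes.fromhex("550403")) + tlv(0x0C, b"Example Offline Root CA")
    issuer = tlv(0x30, tlv(0x31, tlv(0x30, cn)))
    tbs = tlv(0x02, b"\x01") + alg + issuer + tlv(0x17, this_update.encode())
    if next_update is not None:
        tbs += tlv(0x17, next_update.encode())
    signature = tlv(0x03, b"\x00" + bytes(256))
    return tlv(0x30, tlv(0x30, tbs) + alg + signature)


SAMPLE_CRL = build_sample_crl("120703000000Z", "130103000000Z")

if __name__ == "__main__":
    this_update, next_update = crl_update_times(SAMPLE_CRL)
    print("thisUpdate:", this_update, "nextUpdate:", next_update)
    print("status today:", crl_status(SAMPLE_CRL, datetime.now(timezone.utc)))
```

For a real deployment, read the bytes of the published root .crl in place of `SAMPLE_CRL` and set `lead_days` to however long it takes to retrieve and start the offline root.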


RE: Certificate authority

2012-07-03 Thread jwalters
Thanks for the advice and I'll take a look at the book.

Jim 



-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Tuesday, July 03, 2012 4:17 PM
To: NT System Admin Issues
Subject: Re: Certificate authority

No, you are not overthinking this.

It's not extremely complicated, but it's very good to do all of your reading 
and get your ducks all in a row before you start this.

I went with a two-tier installation - the root CA is a VM that's shut down and 
copied to a portable disk, and is not a member of the domain.

Make sure that you note when your CRL expires, so that you can bring up your 
root CA in time to generate a new one.

If you want to get more depth on the subject, I recommend this book (only 
available as an ebook, unfortunately):
http://shop.oreilly.com/product/9780735625167.do

Kurt

On Tue, Jul 3, 2012 at 3:48 PM,  jwalt...@specservices.com wrote:
 We will be installing Microsoft Lync here very soon and I need to have  a 
 certificate authority running.  To date, we’ve not had a need to  stand one 
 up and from the research I’ve done, it seems there are a  number of ways to 
 go – three tier, two, standalone.



 Our needs are for Lync, maybe some certs for some smart phones and  some 
 internal software we’ve written so it’s not a complicated system  from our 
 perspective.  At least not for the short term.  I obviously  don’t want to 
 do something that I’ll regret later and was looking for  some advice from 
 others who have traveled these roads and learned what to do, and what not to
 do.



 From my research, I think a two tier system will work but I’m not real  
 clear at this point how you have an offline CA (for security purposes)  and 
 subordinate CAs to hand out certs.  Still reading up on all that.



 Am I overthinking all this as my Lync installer suggests?  He said  that I 
 should just install the certificate role on a DC and that would  be that.  I 
 think they might be better at installing and configuring  Lync than they are 
 at designing certificate authorities as my research  indicates doing that is 
 not the best way to go.

 Can anyone share their experiences as time is short and I need to  decide 
 what CA to stand up.



 Any advice would be appreciated.



 Thanks



 Jim






RE: Certificate authority

2012-07-03 Thread jwalters
Seems the e-book for $50 might be the best way to go as the paperback ones are 
a tad steep!   Must be a signed copy :)

http://www.amazon.com/s/ref=nb_sb_noss_1?url=search-alias%3Dapsfield-keywords=Windows+Server%AE+2008+PKI+and+Certificate+Security

Jim 

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Tuesday, July 03, 2012 4:17 PM
To: NT System Admin Issues
Subject: Re: Certificate authority

No, you are not overthinking this.

It's not extremely complicated, but it's very good to do all of your reading 
and get your ducks all in a row before you start this.

I went with a two-tier installation - the root CA is a VM that's shut down and 
copied to a portable disk, and is not a member of the domain.

Make sure that you note when your CRL expires, so that you can bring up your 
root CA in time to generate a new one.

If you want to get more depth on the subject, I recommend this book (only 
available as an ebook, unfortunately):
http://shop.oreilly.com/product/9780735625167.do

Kurt

On Tue, Jul 3, 2012 at 3:48 PM,  jwalt...@specservices.com wrote:
 We will be installing Microsoft Lync here very soon and I need to have  a 
 certificate authority running.  To date, we’ve not had a need to  stand one 
 up and from the research I’ve done, it seems there are a  number of ways to 
 go – three tier, two, standalone.



 Our needs are for Lync, maybe some certs for some smart phones and  some 
 internal software we’ve written so it’s not a complicated system  from our 
 perspective.  At least not for the short term.  I obviously  don’t want to 
 do something that I’ll regret later and was looking for  some advice from 
 others who have traveled these roads and learned what to do, and what not to
 do.



 From my research, I think a two tier system will work but I’m not real  
 clear at this point how you have an offline CA (for security purposes)  and 
 subordinate CAs to hand out certs.  Still reading up on all that.



 Am I overthinking all this as my Lync installer suggests?  He said  that I 
 should just install the certificate role on a DC and that would  be that.  I 
 think they might be better at installing and configuring  Lync than they are 
 at designing certificate authorities as my research  indicates doing that is 
 not the best way to go.

 Can anyone share their experiences as time is short and I need to  decide 
 what CA to stand up.



 Any advice would be appreciated.



 Thanks



 Jim






Re: Certificate authority

2012-07-03 Thread Kurt Buff
Yeah, I swallowed hard and turned away when I saw those, too.

However, I can also point you at some good reading material in
Technet. Start here, and follow the bouncing ball:
http://technet.microsoft.com/en-us/library/cc772393%28v=WS.10%29.aspx

On Tue, Jul 3, 2012 at 4:48 PM,  jwalt...@specservices.com wrote:
 Seems the e-book for $50 might be the best way to go as the paperback ones 
 are a tad steep!   Must be a signed copy :)

 http://www.amazon.com/s/ref=nb_sb_noss_1?url=search-alias%3Dapsfield-keywords=Windows+Server%AE+2008+PKI+and+Certificate+Security

 Jim

 -Original Message-
 From: Kurt Buff [mailto:kurt.b...@gmail.com]
 Sent: Tuesday, July 03, 2012 4:17 PM
 To: NT System Admin Issues
 Subject: Re: Certificate authority

 No, you are not overthinking this.

 It's not extremely complicated, but it's very good to do all of your reading 
 and get your ducks all in a row before you start this.

 I went with a two-tier installation - the root CA is a VM that's shut down 
 and copied to a portable disk, and is not a member of the domain.

 Make sure that you note when your CRL expires, so that you can bring up your 
 root CA in time to generate a new one.

 If you want to get more depth on the subject, I recommend this book (only 
 available as an ebook, unfortunately):
 http://shop.oreilly.com/product/9780735625167.do

 Kurt

 On Tue, Jul 3, 2012 at 3:48 PM,  jwalt...@specservices.com wrote:
 We will be installing Microsoft Lync here very soon and I need to have  a 
 certificate authority running.  To date, we’ve not had a need to  stand one 
 up and from the research I’ve done, it seems there are a  number of ways to 
 go – three tier, two, standalone.



 Our needs are for Lync, maybe some certs for some smart phones and  some 
 internal software we’ve written so it’s not a complicated system  from our 
 perspective.  At least not for the short term.  I obviously  don’t want to 
 do something that I’ll regret later and was looking for  some advice from 
 others who have traveled these roads and learned what to do, and what not to
 do.



 From my research, I think a two tier system will work but I’m not real  
 clear at this point how you have an offline CA (for security purposes)  and 
 subordinate CAs to hand out certs.  Still reading up on all that.



 Am I overthinking all this as my Lync installer suggests?  He said  that I 
 should just install the certificate role on a DC and that would  be that.  
 I think they might be better at installing and configuring  Lync than they 
 are at designing certificate authorities as my research  indicates doing 
 that is not the best way to go.

 Can anyone share their experiences as time is short and I need to  decide 
 what CA to stand up.



 Any advice would be appreciated.



 Thanks



 Jim






RE: Certificate authority

2012-07-03 Thread Mathew Shember
Must be a great book!  ;)

http://www.amazon.com/gp/offer-listing/B004RP438O/ref=dp_olp_new?ie=UTF8condition=new




-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com] 
Sent: Tuesday, July 03, 2012 4:17 PM
To: NT System Admin Issues
Subject: Re: Certificate authority

No, you are not overthinking this.

It's not extremely complicated, but it's very good to do all of your reading 
and get your ducks all in a row before you start this.

I went with a two-tier installation - the root CA is a VM that's shut down and 
copied to a portable disk, and is not a member of the domain.

Make sure that you note when your CRL expires, so that you can bring up your 
root CA in time to generate a new one.

If you want to get more depth on the subject, I recommend this book (only 
available as an ebook, unfortunately):
http://shop.oreilly.com/product/9780735625167.do

Kurt

On Tue, Jul 3, 2012 at 3:48 PM,  jwalt...@specservices.com wrote:
 We will be installing Microsoft Lync here very soon and I need to have 
 a certificate authority running.  To date, we’ve not had a need to 
 stand one up and from the research I’ve done, it seems there are a 
 number of ways to go – three tier, two, standalone.



 Our needs are for Lync, maybe some certs for some smart phones and 
 some internal software we’ve written so it’s not a complicated system 
 from our perspective.  At least not for the short term.  I obviously 
 don’t want to do something that I’ll regret later and was looking for 
 some advice from others who have traveled these roads and learned what to do, 
 and what not to do.



 From my research, I think a two tier system will work but I’m not real 
 clear at this point how you have an offline CA (for security purposes) 
 and subordinate CA’s to hand out certs.  Still reading up on all that.



 Am I overthinking all this as my Lync installer suggests?  He said 
 that I should just install the certificate role on a DC and that would 
 be that.  I think they might be better at installing and configuring 
 Lync than they are at designing certificate authorities as my research 
 indicates doing that is not the best way to go.

 Can anyone share their experiences as time is short and I need to 
 decide what CA to stand up.



 Any advice would be appreciated.



 Thanks



 Jim




RE: Certificate authority

2012-07-03 Thread Ken Schaefer
The Komar book is worth getting (well, not for $7000!). I've got both editions 
- at the moment I think it's the best book out there.

Two-tier vs One Tier:
a) what are you going to do if the issuing CA is compromised, or needs to be 
rebuilt? If you have a system to remove the old root CA cert from your clients 
(e.g. you don't have 10K+ clients) -and- you are using this for internal use 
only (i.e. no external users/partners etc.) then maybe a one-tier solution is 
fine

b) if you have external parties connected to your infrastructure or you have 
many clients, such that removing the old root CA cert is a hassle, then you 
need at least a two-tier solution. That allows you to revoke the issuing CA's 
cert, and distribute the new ICA's cert. Note that you need somewhere 
(preferably more than one location) to host a CRL, so that clients are aware of 
the revocation.

c) the more certs you issue, then issuing CA rebuild/compromise becomes more of 
an issue - you need to ensure that everyone knows that all of the issued certs 
are no longer valid. So a resilient CRL is important, and having a root CA that 
can revoke the ICA cert, and authorise/sign a new ICA cert is important

Cheers
Ken


-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com] 
Sent: Wednesday, 4 July 2012 10:14 AM
To: NT System Admin Issues
Subject: Re: Certificate authority

Yeah, I swallowed hard and turned away when I saw those, too.

However, I can also point you at some good reading material in Technet. Start 
here, and follow the bouncing ball:
http://technet.microsoft.com/en-us/library/cc772393%28v=WS.10%29.aspx

On Tue, Jul 3, 2012 at 4:48 PM,  jwalt...@specservices.com wrote:
 Seems the e-book for $50 might be the best way to go as the paperback ones 
 are a tad steep!   Must be a signed copy :)

 http://www.amazon.com/s/ref=nb_sb_noss_1?url=search-alias%3Dapsfield-
 keywords=Windows+Server%AE+2008+PKI+and+Certificate+Security

 Jim

 -Original Message-
 From: Kurt Buff [mailto:kurt.b...@gmail.com]
 Sent: Tuesday, July 03, 2012 4:17 PM
 To: NT System Admin Issues
 Subject: Re: Certificate authority

 No, you are not overthinking this.

 It's not extremely complicated, but it's very good to do all of your reading 
 and get your ducks all in a row before you start this.

 I went with a two-tier installation - the root CA is a VM that's shut down 
 and copied to a portable disk, and is not a member of the domain.

 Make sure that you note when your CRL expires, so that you can bring up your 
 root CA in time to generate a new one.

 If you want to get more depth on the subject, I recommend this book (only 
 available as an ebook, unfortunately):
 http://shop.oreilly.com/product/9780735625167.do

 Kurt

 On Tue, Jul 3, 2012 at 3:48 PM,  jwalt...@specservices.com wrote:
 We will be installing Microsoft Lync here very soon and I need to have  a 
 certificate authority running.  To date, we’ve not had a need to  stand one 
 up and from the research I’ve done, it seems there are a  number of ways to 
 go – three tier, two, standalone.



 Our needs are for Lync, maybe some certs for some smart phones and  some 
 internal software we’ve written so it’s not a complicated system  from our 
 perspective.  At least not for the short term.  I obviously  don’t want to 
 do something that I’ll regret later and was looking for  some advice from 
 others who have traveled these roads and learned what to do, and what not to 
 do.



 From my research, I think a two tier system will work but I’m not real  
 clear at this point how you have an offline CA (for security purposes)  and 
 subordinate CA’s to hand out certs.  Still reading up on all that.



 Am I overthinking all this as my Lync installer suggests?  He said  that I 
 should just install the certificate role on a DC and that would  be that.  
 I think they might be better at installing and configuring  Lync than they 
 are at designing certificate authorities as my research  indicates doing 
 that is not the best way to go.

 Can anyone share their experiences as time is short and I need to  decide 
 what CA to stand up.



 Any advice would be appreciated.



 Thanks



 Jim
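
Added example, not part of any message in this thread: the advice above to note when the offline root's CRL expires can be turned into a scheduled check. This stdlib-only Python sketch reads thisUpdate/nextUpdate straight from a DER-encoded .crl file; the function names, the 14-day warning window and the sample CRL (constructed here, with a dummy signature) are assumptions.

```python
from datetime import datetime, timedelta, timezone

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits count the length bytes
        n = length & 0x7F
        if n == 0:
            raise ValueError("indefinite length is not valid DER")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def parse_time(tag, value):
    """Decode UTCTime (0x17) or GeneralizedTime (0x18) into an aware datetime."""
    text = value.decode("ascii")
    if tag == 0x17:                         # RFC 5280: YY >= 50 is 19YY, otherwise 20YY
        text = ("19" if text[:2] >= "50" else "20") + text
    elif tag != 0x18:
        raise ValueError("expected a Time field, got tag 0x%02x" % tag)
    return datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def crl_validity(der):
    """Return (thisUpdate, nextUpdate) of a DER CRL; nextUpdate is None if absent."""
    outer_tag, cert_list, _ = read_tlv(der, 0)    # CertificateList
    tbs_tag, tbs, _ = read_tlv(cert_list, 0)      # TBSCertList
    if outer_tag != 0x30 or tbs_tag != 0x30:
        raise ValueError("not a DER-encoded CRL")
    tag, _, pos = read_tlv(tbs, 0)
    if tag == 0x02:                         # optional version INTEGER comes first
        _, _, pos = read_tlv(tbs, pos)      # then the signature AlgorithmIdentifier
    _, _, pos = read_tlv(tbs, pos)          # issuer Name
    tag, value, pos = read_tlv(tbs, pos)
    this_update, next_update = parse_time(tag, value), None
    if pos < len(tbs):
        tag, value, _ = read_tlv(tbs, pos)
        if tag in (0x17, 0x18):             # nextUpdate is OPTIONAL in the ASN.1
            next_update = parse_time(tag, value)
    return this_update, next_update

def crl_status(der, now, warn_before=timedelta(days=14)):
    """Classify a CRL so the offline root can be started before nextUpdate passes."""
    _, next_update = crl_validity(der)
    if next_update is None:
        return "NO-NEXT-UPDATE"
    if now >= next_update:
        return "EXPIRED"
    return "RENEW-SOON" if now >= next_update - warn_before else "OK"

def _tlv(tag, body):                        # minimal DER encoder, sample data only
    n, size = len(body), (len(body).bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body

def build_sample_crl(this_update, next_update):
    """Constructed CRL-shaped DER with a dummy all-zero signature (not a real CRL)."""
    alg = _tlv(0x30, bytes.fromhex("06092a864886f70d01010b0500"))  # sha256WithRSA
    cn = bytes.fromhex("0603550403") + _tlv(0x0C, b"Example Offline Root CA")
    name = _tlv(0x30, _tlv(0x31, _tlv(0x30, cn)))
    tbs = _tlv(0x30, _tlv(0x02, b"\x01") + alg + name + _tlv(0x17, this_update) + _tlv(0x17, next_update))
    return _tlv(0x30, tbs + alg + _tlv(0x03, b"\x00" + bytes(256)))
SAMPLE_CRL = build_sample_crl(b"120703224800Z", b"130103224800Z")
```

To check a real CRL, pass the bytes of the .crl file published at the CRL distribution point to `crl_status` along with `datetime.now(timezone.utc)`. The check reads the validity dates only and does not verify the CRL's signature.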




RE: Certificate Authority

2009-11-03 Thread Michael B. Smith
there is both a KB and a technet article.

even if you have never done anything with it, the AD trees have to be removed 
if it was an enterprise CA (which will happen naturally if you remove the CA 
cleanly).


From: asbz...@gmail.com [asbz...@gmail.com]
Sent: Tuesday, November 03, 2009 5:30 PM
To: NT System Admin Issues
Subject: Re: Certificate Authority

IIRC, there is a document on decommissioning a Cert Server.  If you've never 
done *anything* with it, there may be no issues.

--Original Message--
From: Jeremy Anderson
To: NT Issues
ReplyTo: NT Issues
Subject: Certificate Authority
Sent: Nov 3, 2009 4:53 PM


I need to retire a 2003 DC that is a certificate authority.  If it is not being 
used for anything, can I just uninstall the CA then demote the server?

Anything I should be aware of?

TIA.



RE: Certificate Authority move during Windows 2008 upgrade.

2008-12-19 Thread Don Guyer
I realize the article is not for W2k8, but we retired a few 2003 CAs
(with other 2k3 CAs) and followed this process of backing up/restoring
the CA:

 

http://support.microsoft.com/default.aspx?scid=kb;en-us;298138

 

 

Don Guyer
Systems Engineer
Information Services
Prudential Fox Roach/ Trident
431 W. Lancaster Avenue
Devon, PA 19333
Ph: (610) 993-3299
Fax: (610) 650-5306
www.prufoxroach.com
don.gu...@prufoxroach.com

 

From: Tim Vander Kooi [mailto:tvanderk...@expl.com] 
Sent: Thursday, December 18, 2008 12:36 PM
To: NT System Admin Issues
Subject: Certificate Authority move during Windows 2008 upgrade.

 

I know I have seen that a number of folks on the list have started (or
completed) their move to Server 2008.

My question is if anyone has moved their CA from 2003 to 2008 yet, and
if so, have there been any issues. It seems to be as simple as revoking
my 2003 certs that are outstanding, uninstalling the 2003 CA, and then
installing a CA on a new 2008 DC and letting clients use the new
authority. However, having completed my Exchange 2003 to 2007 migration
earlier this year, I tend not to believe that these things are as easy
in reality as they appear on paper.  :-P

Thanks for any insight you may be able to give,

TVK

 

 

 


RE: Certificate Authority move during Windows 2008 upgrade.

2008-12-19 Thread Tim Vander Kooi
Yeah, I had seen that article too, but since it makes no mention of 2008 I was 
curious if anyone had tried it and found that the import works as expected on 
the 2008 CA. It almost seems easier to go the route of revoking the existing 
certificates and lengthening the CRL life on the old 2003 box, and then 
installing and starting up a new Enterprise CA on a new server and let it take 
over. Then again, I am admittedly not an expert on CAs.
TVK

From: Don Guyer [mailto:don.gu...@prufoxroach.com]
Sent: Friday, December 19, 2008 9:48 AM
To: NT System Admin Issues
Subject: RE: Certificate Authority move during Windows 2008 upgrade.

I realize the article is not for W2k8, but we retired a few 2003 CAs (with 
other 2k3 CAs) and followed this process of backing up/restoring the CA:

http://support.microsoft.com/default.aspx?scid=kb;en-us;298138


Don Guyer
Systems Engineer
Information Services
Prudential Fox Roach/ Trident
431 W. Lancaster Avenue
Devon, PA 19333
Ph: (610) 993-3299
Fax: (610) 650-5306
www.prufoxroach.com
don.gu...@prufoxroach.com

From: Tim Vander Kooi [mailto:tvanderk...@expl.com]
Sent: Thursday, December 18, 2008 12:36 PM
To: NT System Admin Issues
Subject: Certificate Authority move during Windows 2008 upgrade.

I know I have seen that a number of folks on the list have started (or 
completed) their move to Server 2008.
My question is if anyone has moved their CA from 2003 to 2008 yet, and if so, 
have there been any issues. It seems to be as simple as revoking my 2003 certs 
that are outstanding, uninstalling the 2003 CA, and then installing a CA on a 
new 2008 DC and letting clients use the new authority. However, having 
completed my Exchange 2003 to 2007 migration earlier this year, I tend not to 
believe that these things are as easy in reality as they appear on paper.  :-P
Thanks for any insight you may be able to give,
TVK












Re: Certificate Authority move during Windows 2008 upgrade.

2008-12-19 Thread Rob Bonfiglio
I just removed my CA from 2003 to 2008 yesterday.  I went through a document
from Microsoft that detailed all of the steps.  I can't find the document
itself now, but these are the steps that I went through:

http://technet.microsoft.com/en-us/library/cc755153.aspx

On Thu, Dec 18, 2008 at 12:36 PM, Tim Vander Kooi tvanderk...@expl.com wrote:

  I know I have seen that a number of folks on the list have started (or
 completed) their move to Server 2008.

 My question is if anyone has moved their CA from 2003 to 2008 yet, and if
 so, have there been any issues. It seems to be as simple as revoking my 2003
 certs that are outstanding, uninstalling the 2003 CA, and then installing a
 CA on a new 2008 DC and letting clients use the new authority. However,
 having completed my Exchange 2003 to 2007 migration earlier this year, I
 tend not to believe that these things are as easy in reality as they appear
 on paper.  :-P

 Thanks for any insight you may be able to give,

 TVK








Re: Certificate Authority move during Windows 2008 upgrade.

2008-12-19 Thread Rob Bonfiglio
Note to self:  PROOFREAD

That should say I just *moved*

On Fri, Dec 19, 2008 at 1:01 PM, Rob Bonfiglio robbonfig...@gmail.com wrote:

 I just removed my CA from 2003 to 2008 yesterday.  I went through a
 document from Microsoft that detailed all of the steps.  I can't find the
 document itself now, but these are the steps that I went through:

 http://technet.microsoft.com/en-us/library/cc755153.aspx

 On Thu, Dec 18, 2008 at 12:36 PM, Tim Vander Kooi tvanderk...@expl.com wrote:

  I know I have seen that a number of folks on the list have started (or
 completed) their move to Server 2008.

 My question is if anyone has moved their CA from 2003 to 2008 yet, and if
 so, have there been any issues. It seems to be as simple as revoking my 2003
 certs that are outstanding, uninstalling the 2003 CA, and then installing a
 CA on a new 2008 DC and letting clients use the new authority. However,
 having completed my Exchange 2003 to 2007 migration earlier this year, I
 tend not to believe that these things are as easy in reality as they appear
 on paper.  :-P

 Thanks for any insight you may be able to give,

 TVK









RE: Certificate Authority move during Windows 2008 upgrade.

2008-12-19 Thread Glen Johnson
Now that this subject has been brought up, anyone have good instructions
to share.

We are retiring our last w2k server which was a d/c and cert authority.
I backed up the cert server as per ms, uninstalled cert services, ran
dcpromo and then removed DNS.  I guess I'll reinstall cert services just
in case it is needed over the weekend.

I don't think it has enough space to upgrade to 2k3 so I'm kind of stuck as
to how to proceed.

I might try to p2v it and then upgrade to 2k3.  What yall think about
that idea?

Any suggestions appreciated.

 

 

From: Rob Bonfiglio [mailto:robbonfig...@gmail.com] 
Sent: Friday, December 19, 2008 1:02 PM
To: NT System Admin Issues
Subject: Re: Certificate Authority move during Windows 2008 upgrade.

 

Note to self:  PROOFREAD

 

That should say I just *moved*

On Fri, Dec 19, 2008 at 1:01 PM, Rob Bonfiglio robbonfig...@gmail.com
wrote:

I just removed my CA from 2003 to 2008 yesterday.  I went through a
document from Microsoft that detailed all of the steps.  I can't find
the document itself now, but these are the steps that I went through:

 

http://technet.microsoft.com/en-us/library/cc755153.aspx

On Thu, Dec 18, 2008 at 12:36 PM, Tim Vander Kooi tvanderk...@expl.com
wrote:

I know I have seen that a number of folks on the list have started (or
completed) their move to Server 2008.

My question is if anyone has moved their CA from 2003 to 2008 yet, and
if so, have there been any issues. It seems to be as simple as revoking
my 2003 certs that are outstanding, uninstalling the 2003 CA, and then
installing a CA on a new 2008 DC and letting clients use the new
authority. However, having completed my Exchange 2003 to 2007 migration
earlier this year, I tend not to believe that these things are as easy
in reality as they appear on paper.  :-P

Thanks for any insight you may be able to give,

TVK

 

 

 

 

 

 

 


RE: Certificate Authority move during Windows 2008 upgrade.

2008-12-19 Thread Kennedy, Jim
I completely blew up our CA system during the move from 2003 to 2008. 
Thankfully it is only a handful of laptop users that occasionally authenticate 
with certs to our wireless routers. No idea what I did wrong. Wish I could be 
more help.


From: Rob Bonfiglio [mailto:robbonfig...@gmail.com]
Sent: Friday, December 19, 2008 1:01 PM
To: NT System Admin Issues
Subject: Re: Certificate Authority move during Windows 2008 upgrade.


My question is if anyone has moved their CA from 2003 to 2008 yet, and if so, 
have there been any issues












RE: Certificate Authority move during Windows 2008 upgrade.

2008-12-19 Thread Tim Vander Kooi
That is what I would really like to avoid if at all possible. From every 
TechNet article I can find it appears that you have to have the same name for 
both servers (although I have found a couple of articles that do say that you 
can edit the backed up registry entries to match a new server name) and that 
you must have the same %windows% directory on both machines. Since neither of 
those rules apply to my situation I'm leaning towards going with this approach, 
http://support.microsoft.com/kb/889250 after which it looks like a new CA should 
be able to be installed on a 2008 server to start distributing new certs. I was 
really hoping that I wasn't the first person to try this foolishness, but maybe 
I am. Guess it'll be something fun to blog about assuming it all comes out the 
other end intact.
TVK

From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org]
Sent: Friday, December 19, 2008 1:25 PM
To: NT System Admin Issues
Subject: RE: Certificate Authority move during Windows 2008 upgrade.

I completely blew up our CA system during the move from 2003 to 2008. 
Thankfully it is only a handful of laptop users that occasionally authenticate 
with certs to our wireless routers. No idea what I did wrong. Wish I could be 
more help.


From: Rob Bonfiglio [mailto:robbonfig...@gmail.com]
Sent: Friday, December 19, 2008 1:01 PM
To: NT System Admin Issues
Subject: Re: Certificate Authority move during Windows 2008 upgrade.


My question is if anyone has moved their CA from 2003 to 2008 yet, and if so, 
have there been any issues















