Certification Authority Types in Windows Certificate Services

Choices

The PKI server which ships with Windows, Active Directory Certificate Services lets you install it in four different modes. Before you install your CA servers you will want to know how these different types differ from each other so you can plan your setup to suite your needs.

Stand Alone Root CA

You would use the stand alone Root CA in the scenario where you want to use an offline Root CA. Stand Alone in the context of the CA server means that is it not integrated with Active Directory. However information from the CA, such as CDP and AIA, could still be published to Active Directory. Typically the Stand Alone CA is a member of its own workgroup as opposed to being a member of a domain. It is disconnected from the network only accessible to the operators of the CA server. The only time anyone needs to interact with the server is when it is to sign subordinate CA certificates or when it publishes a new CRL. This can be done by transferring files on a USB stick.

[click to continue…]

{ 0 comments }

Hierarchies in PKI

PKI Hierarchy

A PKI hierarchy can have one or more tiers. In a single tier PKI environment your only CA server will be the Root CA. If you have more tiers your Root CA will issue subordinate CA certificates CA servers below the root. If you have a two tier PKI setup you don’t need to have access to your Root CA server on a day to day basis. Since your users can request certificates from the subordinate CA the Root CA can be offline. Obviously having your Root CA offline increases the security of your PKI environment since no one has network access to the server. How many tiers your setup will use depends of what you want to do with the PKI environment, your security requirements and the trust you put into the environment.

[click to continue…]

{ 0 comments }

Components of Public Key Infrastructure (PKI)

February 8, 2010

At its core PKI is all about certificates, how they are created, what information they contain, how they are used, the level of trust you put into them, what happens when they are lost and the simplicity of using them.

Read the full article →

About Public Key Infrastructure

February 2, 2010

Public Key Infrastructure (PKI) is a set of technologies and standards using public key cryptography to issue and revoke digital certificates. A PKI consists of servers called Certification Authorities (CA), digital certificates, policies and procedures. At its core PKI provide three main services which provides authentication, integrity and confidentiality. Having a PKI environment enables you [...]

Read the full article →

What is Cisco SensorBase?

October 6, 2009

Would you like your IPS to use over half a million sensors instead of just the ones you deploy? Cisco IPS 7.0 introduced Global Correlation which uses information from SensorBase to help you determine if incoming traffic is from a known hostile host or from a legitimate source. But let’s not get ahead of ourselves.

Read the full article →

Rest in Peace Cisco Security Agent

September 22, 2009

People at Cisco have told me that the staff who do internal IT at Cisco says that Cisco Security Agent is the product which has done the most to improve their overall security. Now I’m hearing that the product is being dropped. If you’re not familiar with the product, Cisco Security Agent is a host [...]

Read the full article →