Enterprise root CA for internal domain use only
Single subnet LAN, one domain, one forest:
If my CA is for internal use only, for Windows servers and clients and a few devices
What revocation methods do I need to publish? (I don't want anything visible outside the LAN).
Do I really need a dedicated server, or can I put it on say the WSUS server?
What is the risk of putting it on a DC, since the IIS would not be accessible from outside the LAN?
CarolChi
July 8th, 2011 9:59am
Hello,
You can put in in your WSUS server, but this will depend how big your environment is. I wll not recommend to put it on a DC, becuase for security reason and also your don't want to place too much revocation/request traffic to your DCIsaac Oben MCITP:EA, MCSE,MCC
View my MCP Certifications
Free Windows Admin Tool Kit Click here and download it now
July 8th, 2011 3:18pm