CA Cert vs Windows Certifcate Server

Posted on 2005-05-03
Last Modified: 2012-05-05
I am re-posting the question again thinking that I wil be able to grab the quick attention from someone.


I need to install a Certificate Server for two purposes:
1. authenticating wireless clients
2. serving https clients  for Outlook Web Access with our exchange server.

Our environment is Windows 2003 AD (recently I upped the functional level to 2003) with two DCs.  Exchange is running on one DC and I plan to install RADIUS and Certifacte Server on the other.

I was first thinking of installing an enterpise CA on one of the DCs and then I realise uninstalling a CA in Windows 2003 (if  I needed to for some reason), is going to be quite messy. Then came cacert into my mind.  What are the pros and cons of the two and and which factors hould influence my decision to go either way.

Thanks heaps.

Question by:lakshmanl
    1 Comment
    LVL 5

    Accepted Solution

    Generally speaking.

    If you are dealing with thrid parties eg. Partners, you should use a CA, this is so that if there are issues, there is a neutral third party is responsible and  can investigate, it takes the burden off you to setup your PKI to the standards that others may want (which is extremely high and expesive standards).

    Using the WIn2003 solution for employees only is fine, however, I would look at lternatives to Microsoft, you will get better options and security with a more specialist vendor. I personally prefer not to use inherently insecure platforms for high security services.

    Try not to mix the two requirements for Third Party/Partners and Internal use only.

    Featured Post

    IT, Stop Being Called Into Every Meeting

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    Join & Write a Comment

    Many companies are looking to get out of the datacenter business and to services like Microsoft Azure to provide Infrastructure as a Service (IaaS) solutions for legacy client server workloads, rather than continuing to make capital investments in h…
    If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…
    Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…

    745 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    16 Experts available now in Live!

    Get 1:1 Help Now