Solved

Windows 2003 Standard or Enterprise to deploy certificates

Posted on 2008-11-06
Last Modified: 2012-05-05
I am working with a consultant to deploy a couple Wireless Access Points.  We plan to set up EAP-TLS for Authentication and deploy the certificates via group policy.  They are telling me that we need to have Windows 2003 Enterprise for the Certificate Authority Server.  Is this correct?
Question by:bluespringsit
 
LVL 4

Expert Comment

by:keamo
ID: 22899266
I've installed Certificate Services on a Windows 2003 Standard Edition before.  I've never heard of having to install it only on an Enterprise server... I think they might be getting confused with the server having to be an "Enterprise Root CA"...
 
LVL 4

Expert Comment

by:keamo
ID: 22899304
Here's some more info...

http://technet.microsoft.com/en-us/library/cc756120.aspx

But, maybe the consultant is right....But I'm not entirely convinced.
 
LVL 4

Accepted Solution

by:
keamo earned 375 total points
ID: 22899317
Hmmmm... Looks like the consultant is right...

http://technet.microsoft.com/en-us/library/aa998956(EXCHG.65).aspx

I would have sworn I've installed CA on Standard before....oh well.

 
LVL 4

Expert Comment

by:SCarrison
ID: 22899397
You need Windows 2003 Enterprise to deploy a Root CA and generate your own subordinate certs, yes.
 
LVL 31

Expert Comment

by:Paranormastic
ID: 22899478
Normally in a 2 tier system you would want the root to be 2003 or 2008 Standard Edition and not joined to a domain.  The issuing subordinate CA you would want to be 2003 or 2008 Enterprise Edition and would typically be joined to the domain.

The root would be installed as an Enterprise Root CA, and the issuing as an Enterprise Subordinate CA.  This is essentially how we do things here, except we have a 3 tier PKI due to higher policy level requirements.

You want Enterprise Edition for a CA that issues end device / end user certificates so you have proper access to the templates and such.  Technically Standard Edition would be functional, but very restricted for what you would likely want to do with it in the long term, if not the short term.

The 2 tier system is highly recommended vs. a single CA for security reasons as well as a reduction in long term issues, such as adding additional CAs (e.g. one in domainA and another in domainB, or one for issuing certs to partners, etc.), moving a CA to another server, and many more reasons.

Also, it is generally advisable to not install any CA on a domain controller as things get messy in that specific environment.  It is best to have dedicated boxes, but if you can't do that at least don't do it on a DC - upgrades to the CA and/or the DC get very complicated, not to mention many other reasons to not do this.
 
LVL 31

Expert Comment

by:Paranormastic
ID: 22899568
You might want to look at a 2008 CA for supporting SCEP - this might fall into what you are looking to do....