Solved

offline root CA question

Posted on 2014-10-01
2
163 Views
Last Modified: 2014-10-05
Can someone tell me if it is possible to create a MSFT offline root CA in a workgroup, and not install any online subordinate CA?  
i.e. if I need to process a cert, bring the offline root CA online to process then take offline again. its a security requirement if you are wondering about the question.

I just need to know if this is possible with the CRL publishing etc

thx - S
0
Comment
Question by:siber1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 33

Accepted Solution

by:
Dave Howe earned 500 total points
ID: 40356121
It's possible (well, I don't think it will accept being in a workgroup, but you can give it a domain of its own, build it as a virtual machine in hyper-v, and shut the whole machine down when not in use)

However, while for issuing CAs in an enterprise, I usually recommend using the MS CA, for offline roots I usually recommend using the XCA standalone CA - this is self-contained (perhaps obviously, will need a webserver to host its CRL, but this can be shared with an issuing CA) and can be easily stored onto removable media and placed in a safe etc when not in use, if you want more security (the db is encrypted, however, and has no web interface, so can be part of your usual backup cycle, depending on how paranoid you want to be about it :)
0
 

Author Closing Comment

by:siber1
ID: 40362383
thx Dave
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question