I created a standalone root CA and an enterprise subordinate CA utilizing the TechNet article "(Test Lab Guide) Deploying an AD CS Two-Tier PKI Hierarchy", among other articles, and believe it or not, everything went fine (as far as "I" know!). The capolicy.inf had "LoadDefaultTemplates=0" so that the subordinate CA would not immediately start issuing certificates. Okay! Now here is where I have questions. (And please do not laugh at me... OK, you can, because I won't be able to see you, but it will still hurt my feelings.)
1. Am I correct in presuming that this subordinate server is just for internal stuff?
2. What templates should I load? (I have Exchange Server, Lync Server, DHCP servers, DNS servers, file servers etc.; I also have over 100 clients (users and PCs).)
3. Am I correct in presuming I will need a certificate from a trusted 3rd party such as "Digicert, Godaddy or VeriSign"?
4. What are trusted 3rd party certificates used for? External use. So anyone who connects to my domain from the outside world would get one of those?
5. If I do need 3rd party certificates, what kind and how many? (I have 2 domains, "www.domain.job.state.us" and "www.domain.us".)
6. Would I need "Wildcard" or "SAN"?
I know I sound totally illiterate about this but I cannot seem to find too much on what to do after one has created the servers.
Also, I was perusing another article about Certificate Policy and Certificate Practice Statements and it seems like such a complicated process. Are these necessary? Or am I reading too much into all of this? (I told you not to laugh at me!!) Man, it seems like one could do just this one job, and one would be constantly busy in an organization just trying to get a PKI up and running... properly.
Let me say in advance, thank you to anyone who responds to my queries. I do understand that you all are very busy also and to take time to help a clueless tech..well, I really appreciate the help.
Points well deserved.
Thank you again for taking the time to answer my questions.