Steven
Thu Dec 16 10:14:21 CST 2004
OK Ben. Good luck!
To enable ssl that will encrypt all web traffic to that server via https you
only need a certificate/private key on the web server, kind of like when you
go to Amazon or such and order something and see that it is a secure
connection. --- Steve
"Ben" <bjblackmore@nospam.hotmail.com> wrote in message
news:ubr%23VH24EHA.3980@TK2MSFTNGP10.phx.gbl...
> Hi Steve,
>
> Thanks for the info, it's given me some good bedtime reading! I hear there
> is a 3 day course on PKI, which I might try and get my company to send me
> on. I also have a few books, but it's trying to find the time to read
> them.
>
> I believe some of the questions I got wrong were based around who should
> have a certificate when trying to secure communications i.e. how do you
> secure the accounts web server - install a certificate on the web server,
> install a certificate on the accountants PC, or issue a certificate to the
> accountant user
>
> Can't remember which I said now, think I changed my answer when I went
> back
> and reviewed the questions.
>
> Anyway, many thanks for your help!
>
> Ben
>
> "Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in message
> news:ZH_vd.237050$HA.182413@attbi_s01...
>> Congrats. There is not a lot of info on W2K PKI. There is tons of it for
>> W2003 and MOST will apply if you remember that type two certificate
>> templates only apply to Windows 2003 Enterprise Server CA. Otherwise the
>> links below may help.
>>
>>
>
http://www.microsoft.com/windows2000/techinfo/planning/security/advcertsteps.asp
>>
>
http://www.microsoft.com/WINDOWS2000/techinfo/planning/security/autocertsteps.asp
>>
>> Other key points.
>>
>> -- Only enterprise CA can issue smart card certificates.
>> -- Enterprise CA can only be installed on domain computers.
>> -- User can request certificate through mmc only if the are a domain me
> in
>> a domain with an enterprise CA.
>> -- Stand alone CA's only allow users to enroll through Web Enrollment.
>> -- User needs read and enroll permissions to certificate template to get
> a
>> certificate.
>> -- L2tp requires machine certificate on VPN client and VPN server.
>> -- Certificate templates are managed through AD Sites and Services but
> you
>> need to select view for services.
>> -- The issuing CA's certificate needs to be in a computer's local
>> certificate store for "trusted root certificates"
>> before it will trust certificates presented to it from that CA.
>>
>> Steve
>>
>>
>> "Ben" <bjblackmore@nospam.hotmail.com> wrote in message
>> news:%237sJcEp4EHA.4092@TK2MSFTNGP14.phx.gbl...
>> > Passed 70-214 yesterday, with a score of 878, not to bad, my weakness
> was
>> > PKI & certificate issuing, which I though I was ok on. Will be
>> > reviewing
>> > that topic before I take 70-218 after Christmas!
>> >
>> > Ben
>> >
>> > IT Professional, MCP 70-210, 70-214, 70-215
>> > "On my way to becoming fully certifiable!"
>> >
>> > P.S. Merry Christmas Everyone!
>> >
>> >
>>
>>
>
>