Hello everyone.

Our Windows 2000 CA certificate server is dead. This server is responsible
for authenticating VPN connection traffic and works together with our
NetScreen 50 VPN/firewall. My IT manager has now decided to upgrade to a new
server and wants to run 2003 Server.

The dead 2000 CA server was originally set up by a contractor who is no
longer with the company. I have been instructed to resolve this issue ASAP,
and I have no idea where to start. I downloaded an article from
http://www.isaserver.org/img/upl/vpnkitbeta2/installenterpriseca.htm

This article has step-by-step instructions on how to set up CA
services. The original 2000 server was a member server. It was configured as
a stand-alone root CA.

From reading this article, it says I should configure it as an enterprise
CA. I also want this new server to be a domain controller.
What is the best solution for this? Can I install a CA on a domain controller?
The article I found under
http://www.isaserver.org/img/upl/vpnkitbeta2/installenterpriseca.htm

is this the article I should be following to set up a CA server?
Is there any better step-by-step article I should follow?
Stand-alone root CA or enterprise CA?


I would very much appreciate it if someone could help me or guide me through this.

Thank you

Mr555

Re: New to CA server service require reconfigure CA server- Please hel by Brian

Brian
Mon Jul 17 08:32:19 CDT 2006

I would not rush into this (despite timelines). There are several
whitepapers available, including a best practices whitepaper at
www.microsoft.com/pki. I have a book out from MSPress that also gives
lots of details on the design and implementation of Certificate
Services (www.microsoft.com/mspress/books/6745.asp).

I would recommend not making the new CA a domain controller as well.
This only leads you down a road to future problems (based on several
previous customer experiences).

Brian


Re: New to CA server service require reconfigure CA server- Please hel by bagins

bagins
Tue Jul 18 16:40:57 CDT 2006

Whoever told you to resolve this issue ASAP has no clue about
certificates. It is a very complex story.
You can (maybe) do some "next, next, finish" installation and configuration,
but what are you going to do when problems arrive? (And they will, believe me
:-( )
I would suggest reading a book or two covering certificates before you try
to resolve this issue.
Read "Windows Server 2003 PKI and Certificate Security".

@ Brian: Man, that is a GREAT book. Thank you for writing it. Tools are
handy, also ;)



--

************************
Best regards
Bagins
************************