On Tue, 8 Apr 2008 17:18:04 -0700, Gunna wrote:
> that an Enterprise Root CA has to be a domain controller? What about
> subordinates?
Absolutely not true. In fact, if you follow good security practices where
you want to reduce the attack surface on your core infrastructure servers,
a domain controller should only ever be a domain controller, and a CA
should only ever be a CA.
--
Paul Adare http://www.identit.ca
Shift to the left! Shift to the right! Pop up, push down, byte, byte,
byte!
"Paul Adare" <pkadare@gmail.com> wrote in message
news:1tj95axsmmjus.1997pdyfpo2mj.dlg@40tude.net...
> On Tue, 8 Apr 2008 17:18:04 -0700, Gunna wrote:
>
>> that an Enterprise Root CA has to be a domain controller? What about
>> subordinates?
>
> Absolutely not true. In fact, if you follow good security practices where
> you want to reduce the attack surface on your core infrastructure servers,
> a domain controller should only ever be a domain controller, and a CA
> should only ever be a CA.
>
> --
> Paul Adare
> http://www.identit.ca
> Shift to the left! Shift to the right! Pop up, push down, byte, byte,
> byte!
This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.