redundant enterprise CA

  • Thread starter Thread starter slimard@gmail.com
  • Start date Start date
S

slimard@gmail.com

Hello,

I am going to deploy a 2-tiers Windows 2003 PKI. I will set-up a stand-
alone CA and 2 Enterprise CA.

The 2 Enterprise CA are for redundancy. Is there anything special to
make them redundant?

Thank you
Slimo
 
There is no clustering support for Server 2003. The redundancy is
accomplished by ensuring that both have the *same* certificate templates
available for enrollment, so that clients can request certificates from
*either* CA.

Brian


<slimard@gmail.com> wrote in message
news:9b2bc16e-de5a-4252-b545-bfd4a0b21e79@k39g2000hsf.googlegroups.com...
> Hello,
>
> I am going to deploy a 2-tiers Windows 2003 PKI. I will set-up a stand-
> alone CA and 2 Enterprise CA.
>
> The 2 Enterprise CA are for redundancy. Is there anything special to
> make them redundant?
>
> Thank you
> Slimo
 
Is then the redundancy done through AD because they will both
Enterprise CA?

On Jan 9, 5:39 pm, "Brian Komar" <brian.ko...@nospam.identit.ca>
wrote:
> There is no clustering support for Server 2003. The redundancy is
> accomplished by ensuring that both have the *same* certificate templates
> available for enrollment, so that clients can request certificates from
> *either* CA.
>
> Brian
>
> <slim...@gmail.com> wrote in message
>
> news:9b2bc16e-de5a-4252-b545-bfd4a0b21e79@k39g2000hsf.googlegroups.com...
>
>
>
> > Hello,
>
> > I am going to deploy a 2-tiers Windows 2003 PKI. I will set-up a stand-
> > alone CA and 2 Enterprise CA.
>
> > The 2 Enterprise CA are for redundancy. Is there anything special to
> > make them redundant?
>
> > Thank you
> > Slimo- Hide quoted text -
>
> - Show quoted text -
 
Pretty much.
Client queries the Enrollment Services container in the Configuration
context and is sent to any available CAs for the requested certificate
template.
Brian

<slimard@gmail.com> wrote in message
news:39b8da1c-d4f3-4660-8a96-7b7c0ca785d2@v4g2000hsf.googlegroups.com...
Is then the redundancy done through AD because they will both
Enterprise CA?

On Jan 9, 5:39 pm, "Brian Komar" <brian.ko...@nospam.identit.ca>
wrote:
> There is no clustering support for Server 2003. The redundancy is
> accomplished by ensuring that both have the *same* certificate templates
> available for enrollment, so that clients can request certificates from
> *either* CA.
>
> Brian
>
> <slim...@gmail.com> wrote in message
>
> news:9b2bc16e-de5a-4252-b545-bfd4a0b21e79@k39g2000hsf.googlegroups.com...
>
>
>
> > Hello,
>
> > I am going to deploy a 2-tiers Windows 2003 PKI. I will set-up a stand-
> > alone CA and 2 Enterprise CA.
>
> > The 2 Enterprise CA are for redundancy. Is there anything special to
> > make them redundant?
>
> > Thank you
> > Slimo- Hide quoted text -
>
> - Show quoted text -
 
Back
Top