I am putting together PKI design for mostly internal clients but some will be on a DMZ. I was looking to have an offline Root CA with two sub CAs, one in the internal forest and one in the DMZ forest. I was going to use http and ldap CDPs. Does it make sense to use http and ldap or just http since the subs are in different forests? Is the only value with ldap CDP just if all clients are on the same internal forest? Thank you.
If you want to use LDAP you will need to allow unauthenticated access to the CDP folder in AD. Also, you may publish this point over the internet without any problems.
http://www.sysadmins.lv
Proposed As Answer by Vadims Podans (MVP), Thursday, November 26, 2009 5:46 PM
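As an added illustration (not from the thread or from the poster), this is how the CDP choice discussed above looks on an AD CS subordinate CA: the default entry list writes an ldap:/// URL into every issued certificate, which a client in the other forest or in the DMZ can only follow if it is allowed an anonymous LDAP read of this forest's CN=CDP container; the replacement list keeps only an HTTP URL. The host name pki.example.com and the assumption that IIS serves the CA's CertEnroll folder at /CertEnroll are mine, not the thread's.

```powershell
# Run on the subordinate CA as a CA administrator. certutil tokens used below:
# %3 = CA name, %8 = CRL name suffix, %9 = delta CRL suffix, %6 = config DN,
# %7 = truncated CA name, %2 = server short name, %10 = CDP object class.
# Entry flags: 1 publish CRL here, 2 put URL in CDP of issued certs,
# 4 put URL in Freshest CRL ext, 8 put URL in CDP of CRLs, 64 publish delta CRL.

# Default list on a new Enterprise CA: note the 79:ldap:/// entry, i.e. the
# LDAP URL is placed in issued certificates (flag 2) and requires the
# unauthenticated AD access the reply above mentions for foreign clients.
$defaultCdp = @(
    '65:C:\Windows\system32\CertSrv\CertEnroll\%3%8%9.crl',
    '79:ldap:///CN=%7%8,CN=%2,CN=CDP,CN=Public Key Services,CN=Services,%6%10',
    '6:http://%1/CertEnroll/%3%8%9.crl'
)

# Cross-forest / DMZ friendly list: the CA still writes the CRL to its local
# CertEnroll folder (flag 65), but the only URL that ends up in certificates is
# an HTTP one on a name every client can resolve and reach (flag 2 + 4 = 6).
# No LDAP entry, so no anonymous-LDAP requirement in either forest.
$httpOnlyCdp = @(
    '65:C:\Windows\system32\CertSrv\CertEnroll\%3%8%9.crl',
    '6:http://pki.example.com/CertEnroll/%3%8%9.crl'   # assumed host name
)

# certutil separates REG_MULTI_SZ entries with a literal backslash-n sequence;
# PowerShell single quotes keep it literal.
certutil -setreg CA\CRLPublicationURLs ($httpOnlyCdp -join '\n')

# The AIA extension (CACertPublicationURLs) has the same LDAP-vs-HTTP issue and
# is normally changed the same way; shown here for the default file + HTTP pair.
$httpOnlyAia = @(
    '1:C:\Windows\system32\CertSrv\CertEnroll\%1_%3%4.crt',
    '2:http://pki.example.com/CertEnroll/%1_%3%4.crt'      # assumed host name
)
certutil -setreg CA\CACertPublicationURLs ($httpOnlyAia -join '\n')

# Apply: the CA service re-reads these values on restart; then publish a CRL.
Restart-Service certsvc
certutil -CRL

# Verify the registry view and that a DMZ/other-forest client can fetch the CRL
# over plain HTTP (run the second line from such a client, adjusting the CA name).
certutil -getreg CA\CRLPublicationURLs
Invoke-WebRequest -Uri 'http://pki.example.com/CertEnroll/Contoso-Sub-CA.crl' -OutFile sub.crl
certutil -dump sub.crl | Select-String 'Next Update'
```

Certificates issued before the change keep their old ldap:// CDP URL, so renew or reissue them if the DMZ clients must validate them.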