E-Mail:
Get our new Windows 7 eBook (PDF) for $7 with 70+ Tips. Download Now!

Certification Success - The Standalone CA Versus The Enterprise CA

Tuesday, October 19th, 2004
by Diana Huggins

  • No Related Post

Security is definitely a hot topic - both in the workplace and on Microsoft exams. You definitely have to study the different security features that can be implemented. One such feature is certificate authorities (CA), and you can expect to encounter a few exam questions pertaining to the topic. Unfortunately, this is one of the most difficult topics to understand, but you should start by learning the difference between standalone certificate authorities and enterprise certificate authorities.

A standalone CA does not issue certificates independent of administrator intervention. The reasoning for this is based upon the fact that a standalone CA doesn’t tap into a local or domain user account. Instead, it relies upon human intervention as a ‘last check’ method prior to issuing a certificate. Standalone CA certificates are also not distributed automatically, but further require a delivery method, such as group policy (for local domain users), or via further human intervention. For Web and Internet access, this is the type of CA to use.

The enterprise CA adds a new level of flexibility and ability to the certificate picture, but also added complexity. The Enterprise CA is integrated with Active Directory, and only provides certificates to members within that Active Directory. This pretty much kills the idea of having both an extranet or secure Internet communications along with secure local domain communications. Enterprise Certificates can, however, be used in a manner that falls within the ‘not often, but still really nifty’ category. Enterprise Certificates can be used to bypass repeated and redundant domain authentication, and when properly configured, can be used to further enhance the standard Kerberos authentication methods. Enterprise Certificates are automatically issued for every user account when it is created. The certificate itself, since it is a file, can be stored on any storage location and can still be valid. In keeping along this train of thought, it is possible to place a certificate on a card or plug-in device that can be used to authenticate a user during the normal Kerberos authentication process. These specialized devices are called Smart Cards, and while Smart Card implementation is somewhat expensive, several large corporations have implemented this technology as an added safety factor.

Once certificates are exchanged, and authenticity is established, communication occurs, but additional security factors can be put in place to help enhance the rest of the communications process.

Tags
Categories

One Comment

microsoft, ca, validity, period, client, certificate, registry | Booches.nl

August 14th, 2009
at 6:16am

[...] The enterprise CA adds a new level of flexibility and ability to the certificate picture, but also added complexity. The Enterprise CA is integrated with Active Directory, and only provides certificates to members within that Active Directory. This pretty much kills the idea of having both an extranet or secure Internet communications along with secure local domain communications. Enterprise Certificates can, however, be used in a manner that falls within the ‘not often, but still really nifty’ category. Enterprise Certificates can be used to bypass repeated and redundant domain authentication, and when properly configured, can be used to further enhance the standard Kerberos authentication methods. Enterprise Certificates are automatically issued for every user account when it is created. The certificate itself, since it is a file, can be stored on any storage location and can still be valid. In keeping along this train of thought, it is possible to place a certificate on a card or plug-in device that can be used to authenticate a user during the normal Kerberos authentication process. These specialized devices are called Smart Cards, and while Smart Card implementation is somewhat expensive, several large corporations have implemented this technology as an added safety factor. […] Source [...]

What Do You Think?

 

Posted Recently

iPhone Is Coming To Verizon

Windows Update In Windows 7 Part I

Solving The 5 Biggest Challenges Of Field Service Delivery

New Apps For November 6th, 2009

Google Is Opening Up Your Info - To You

Windows 7 Gaming - Not As Good As XP?

Confessions Of A Public Speaker

Make Presenting Easier With PowerPoint’s Presenter View

Building The Future Of Collaboration

New Apps For November 5th, 2009

Give Me A Cup Of What Congress Is Drinking

Sahil Malik Fills Us In On SharePoint 2010

20% Gnomie Discount On GoodSync Backup Software

Open Transportation Data in One Hour Webcast

Prevent Reboots After Windows Updates Part II

The High Performance Information Workplace

AT&T Has A Suit For That

Nokia Needs To Drop Cells?

Sage Summit Session To Share Social CRM Trends Via Live Webcast

Prevent Reboots After Windows Updates Part I

Acing The Interview: How To Ask And Answer The Questions That Will Get You The Job

New Apps For November 3rd, 2009

A Glimpse Into The Abyss

Sunbelt Personal Firewall Discount For Gnomies

Getting Started With Google Wave

Should You Take Your Work Home?

Lightwave

New Apps For November 2nd, 2009

Ads Are Not All Bad - Just Watch How They Are Used

QuickBooks 2010: The Missing Manual

Work More Efficiently With Outlook Appointments

Ten Tips For Better Web Meetings

NASA Tech Briefs

New Apps Digest For October 30th, 2009

Supplementing Our TV Or Replacing It

Android From Verizon - Maybe Someday

Change The Default Appointment Interval In Outlook

Driving IT Help Desk Efficiency with Customer-Centric Remote Support

Fiber Country

Protection From Identity Theft

41 queries / 0.533 seconds.