Security

Reply
Super Contributor II

Enterprise CA vs Standalone CA for 802.1x networks

Hi all,

I have a client who is trying to implement 802.1x with Windows Server 2008 NPS.

No problem! However this particular client has an issue with installing the CA Role on one of their Domain Controllers (this is a policy thing, not a technical limitation and i don't think they are prepared to bend).

So my question is, what is the implication of creating a standalong CA on a member server as opposed to creating a full blown enterprise CA?

I'm by no means an expert of AD / PKI so have relied heavily on this forum and the documentation that has been floating around for NPS config and this has gotten my by however i'm way out of depth on this one so would appreciate any advice anybody can offer on this.

My initial thoughts are that this would create trust problems within the domain but i'll sit aside and await your feedback.

Thanks in advance.

Scott
Guru Elite

Re: Enterprise CA vs Standalone CA for 802.1x networks

The advantage of having a Active Directory integrated certificate authority, is that all your domain clients will trust it already. Getting a standalone just makes you start over from scratch and does not help, UNLESS the majority of your clients are NON-domain devices.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: