Hi all,
I have a client who is trying to implement 802.1x with Windows Server 2008 NPS.
No problem! However this particular client has an issue with installing the CA Role on one of their Domain Controllers (this is a policy thing, not a technical limitation and i don't think they are prepared to bend).
So my question is, what is the implication of creating a standalong CA on a member server as opposed to creating a full blown enterprise CA?
I'm by no means an expert of AD / PKI so have relied heavily on this forum and the documentation that has been floating around for NPS config and this has gotten my by however i'm way out of depth on this one so would appreciate any advice anybody can offer on this.
My initial thoughts are that this would create trust problems within the domain but i'll sit aside and await your feedback.
Thanks in advance.
Scott