Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Enterprise CA vs Standalone CA for 802.1x networks

  • 1.  Enterprise CA vs Standalone CA for 802.1x networks

    Posted Oct 13, 2011 11:50 PM
    Hi all,

    I have a client who is trying to implement 802.1x with Windows Server 2008 NPS.

    No problem! However, this particular client has an issue with installing the CA Role on one of their Domain Controllers (this is a policy thing, not a technical limitation, and I don't think they are prepared to bend).

    So my question is, what is the implication of creating a standalone CA on a member server as opposed to creating a full-blown enterprise CA?

    I'm by no means an expert on AD / PKI, so I have relied heavily on this forum and the documentation that has been floating around for NPS config, and this has gotten me by; however, I'm way out of my depth on this one, so I would appreciate any advice anybody can offer on this.

    My initial thoughts are that this would create trust problems within the domain, but I'll sit aside and await your feedback.

    Thanks in advance.

    Scott


  • 2.  RE: Enterprise CA vs Standalone CA for 802.1x networks

    EMPLOYEE
    Posted Oct 15, 2011 12:05 AM
    The advantage of having an Active Directory-integrated certificate authority is that all your domain clients will trust it already. Getting a standalone just makes you start over from scratch and does not help, UNLESS the majority of your clients are NON-domain devices.