Communication between an MS 2003 CA server and its clients - non-Active Directory environment: design query
I have a scenario where the CA and its clients are not in an active directory environment (win2003 enterprise). They are located physically apart (different places).
For example,
*If the domain name is 'ExampleBank.org'*
*The CA name is 'ca.ExampleBank.org'*
*CA type is Enterprise Root CA (online) [windows 2003 enterprise server]*
- How will the certificates/CRLs be distributed by the CA in such a non active directory environment?
- How will the clients send their CSRs to the CA?
- Will ICERTREQUEST2 interface be useful under such a scenario to send a request to CA? (Submit call)
- Do I need to look at LDAP approach?
Comments (1)
The CA will publish the certificates in a public server or in an LDAP server. So the certificates should be accessed via those URLs. The CRLs will be published periodically at the location pointed to by the CRL distribution points field in the x509 certificate.
The CSRs can be taken manually to the registration authority (if the CA has one) or this interface will be defined by the CA.
I think this interface is RPC based, so this should be valid only within a network. Can someone please clarify on this point?
Thanks
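
The CRL distribution points field mentioned in the answer, as an added example that is not part of the original post: standard-library Python that parses a DER-encoded CRL Distribution Points extension value and marks which URLs a client outside the domain could fetch. The sample extension bytes, the URLs in it and the `usable_without_ad` rule (a URL needs an explicit host) are constructed assumptions.

```python
from urllib.parse import urlsplit

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at buf[pos]."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                          # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    pos = 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        yield tag, val

def cdp_uris(ext_value):
    """URIs in a DER CRLDistributionPoints value (RFC 5280, section 4.2.1.13)."""
    tag, dps, _ = read_tlv(ext_value, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE OF DistributionPoint")
    uris = []
    for _, dp in children(dps):                # each DistributionPoint
        for f_tag, field in children(dp):
            if f_tag != 0xA0:                  # [0] distributionPoint
                continue
            for n_tag, names in children(field):
                if n_tag == 0xA0:              # [0] fullName (GeneralNames)
                    uris += [v.decode("ascii") for t, v in children(names) if t == 0x86]
    return uris

def usable_without_ad(uri):
    """Assumption: a client outside the domain needs an explicit host to fetch from."""
    u = urlsplit(uri)
    return u.scheme in ("http", "https", "ldap") and bool(u.hostname)

def tlv(tag, body):                            # tiny DER encoder for the sample only
    head = bytes([len(body)]) if len(body) < 0x80 else bytes([0x81, len(body)])
    return bytes([tag]) + head + body

# Constructed sample: one distribution point carrying an HTTP and a host-less LDAP URL.
SAMPLE_URLS = ["http://ca.ExampleBank.org/crl/ca.crl",
               "ldap:///CN=ca,CN=CDP,CN=Public%20Key%20Services,CN=Services,"
               "CN=Configuration,DC=ExampleBank,DC=org?certificateRevocationList"]
names = b"".join(tlv(0x86, u.encode("ascii")) for u in SAMPLE_URLS)
SAMPLE_CDP = tlv(0x30, tlv(0x30, tlv(0xA0, tlv(0xA0, names))))
REPORT = [(u, usable_without_ad(u)) for u in cdp_uris(SAMPLE_CDP)]
print(*REPORT, sep="\n")
```

The host-less `ldap:///` entry is the one that fails the check, because it names no server for the client to contact.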