Best Practices for Certificate Authority

  • Thread starter Thread starter SmpIT
  • Start date Start date
S

SmpIT

Guest
Hello.

We are a small business (70-100 users) with two domain controllers both
running Server 2003. Going forward, we would like to use the new Network
Access Protection (NAP) to help with client security.

We know that installing a Certificate Authority on the domain is a necessary
first step in this process. Can anyone tell me if there is any reason NOT to
install the CA on one of our two domain controllers?

I know Microsoft best practices indicate that a CA should not be installed
on a DC "for security reasons," but I'm guessing that on balance, small shops
like us might not be as concerned about those potential security problems.

Also, it looks like it is necessary to run IIS on all CA servers, is that
correct?

Thanks much.


SMP IT
 
Back
Top