The two primary configurations for a Windows certificate authority (CA) are
enterprise and stand-alone.
It is recommended that an organization with an existing Active Directory infrastructure
implement an enterprise CA, primarily because of its integration with Active Directory. By
using group policies with the enterprise CA, an administrator can automatically
provision certificates to domain members. Certificates are the key element in an
L2TP/IPSec VPN configuration. With a stand-alone or commercial CA, certificate provisioning
is manual and requires a specific process to be performed for each VPN client
and server.
NOTE
The PKI design process is complex and should not be taken lightly. In addition, a
Windows certificate authority implementation can be used for numerous applications
and services beyond VPN support, so it is recommended that you put careful
thought into the design and implementation of a PKI.
Installing the Enterprise Root Certificate Authority (CA)
If a PKI is not already in place, the Microsoft implementation can be set up
and configured in the internal environment.