RE: CA in IPSec

From: Horvath, Russell (Russell.Horvath@xxxxxxxxxx)
Date: Fri Sep 22 2000 - 05:16:24 GMT-3


   
Just a quick question regarding CAs on Windows 2000.

I am currently looking at this for our network, but in the labs. This said, we
are looking at using the Windows 2000 one as it's the cheapest.

Has anyone actually set up the CA for Windows 2000?
Are there any 'GOTCHAS' I need to be aware of when using it with Cisco IOS 12.1
and above?
Is there a limitation with the size of network you can use it on?

regards Russ

> ----------
> From: Asbjorn Hojmark[SMTP:Asbjorn@Hojmark.ORG]
> Reply To: Asbjorn Hojmark
> Sent: 21 September 2000 23:09
> To: 'Chris Larson'
> Cc: ccielab@groupstudy.com; cisco@groupstudy.com; 'Jason1'; 'Jim Bond'
> Subject: RE: CA in IPSec
>
> > We will secure by having the root CA off-line and walking
> > the ROOT Cert to the RA. Also, the CA cert will remain
> > pending until the security admin issues it to the router.
>
> You should note that IOS currently doesn't support
> cert chaining (subordinate CAs). I learned this the hard way.
>
> TAC tells me, however, that DE is testing two-level
> hierarchies and that they expect it to ship with 12.1(4)T or
> maybe first with 12.2.
>
> HTH,
> -A
> --
> Heroes: Vint Cerf & Bob Kahn, Leonard Kleinrock, Robert Metcalfe
> Links : http://www.hojmark.org/networking/
>
>


