Pass A+ Exams DNS Server in the CA hierarchy

An intermediate CA is any certificate authority that exists outside the role of the root CA and issues certificates to other CAs somewhere in the CA hierarchy. Normally, this intermediate CA exists in a state between the root CA (which is offline) and the issuing CAs, which are online. This way, issuing CAs have a method of contacting the root CA while ultimately exposing the root CA's private key the minimum number of times.

The policy CA is technically a subcategory of intermediate CA, but it has a special category in and of itself because of the vital part it plays within a Windows Server 2008 infrastructure. Within that infrastructure, a policy CA contains the policies and procedures an organization uses to secure and validate both the CA and the certificate holder identity. Normally, policy CAs communicate only with other CAs.

By far, the most common and lowest-level certificate authority is the CA that is responsible for actually distributing certificates to users and devices within the infrastructure: the issuing CA. Typically, the issuing CA receives policies from a higher-level policy CA and responds to requests for certificates and other information. However, an issuing CA is capable of holding its own policies and making its own policy decisions in a smaller architecture, such as a one- or two-tiered hierarchy (discussed later in this chapter).

It’s most likely that you have encountered an explanation of enterprise and stand-alone CAs in your previous study, but in case you have forgotten, an enterprise CA is a CA that takes advantage of Active Directory to control the enrollment process. Thus, because it involves the use of Active Directory, it can logically be further controlled and refined through the use of Group Policy.

Stand-alone CAs do not take advantage of Active Directory and cannot be managed by Group Policy. Furthermore, stand-alone CAs are limited to either web-based or command-line deployment.

One of the drawbacks of using certificates is that as the number of certificates grows and certificates expire or are ultimately revoked, the list of revoked certificates in the CRL becomes very large and cumbersome to send back and forth. Using the Online Certificate Status Protocol (OCSP), administrators are able to implement a system that, instead of sending the complete list of revoked certificates, is able to respond to a request about a single certificate within the organization. This greatly reduces the amount of data traffic and optimizes the infrastructure for other tasks.
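
One way to see this on a Windows host, as an added example that is not part of the original page: the function lists the CRL and OCSP locations a certificate advertises and then runs an online revocation check against them. The function name `Get-RevocationInfo` and the file path are placeholders chosen for illustration.

```powershell
# Added example: show where a certificate points clients for revocation data
# (full CRL download vs. single-certificate OCSP query) and test the check.
function Get-RevocationInfo {
    param([Parameter(Mandatory = $true)][string]$Path)

    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $Path

    # 2.5.29.31         = CRL Distribution Points (where the complete CRL is published)
    # 1.3.6.1.5.5.7.1.1 = Authority Information Access (carries the OCSP responder URL)
    $oids = @{
        '2.5.29.31'         = 'CRL Distribution Points'
        '1.3.6.1.5.5.7.1.1' = 'Authority Information Access (OCSP / CA issuers)'
    }
    foreach ($ext in $cert.Extensions) {
        if ($oids.ContainsKey($ext.Oid.Value)) {
            Write-Output ("{0}:" -f $oids[$ext.Oid.Value])
            Write-Output ($ext.Format($true))
        }
    }

    # Build the chain with online revocation checking. The root is excluded
    # because the root CA in this hierarchy is kept offline.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
    $chain.ChainPolicy.RevocationFlag = [System.Security.Cryptography.X509Certificates.X509RevocationFlag]::ExcludeRoot
    $chain.ChainPolicy.UrlRetrievalTimeout = New-Object System.TimeSpan -ArgumentList 0, 0, 15

    $ok = $chain.Build($cert)
    Write-Output ("Chain valid with revocation checking: {0}" -f $ok)

    # Revoked, RevocationStatusUnknown and OfflineRevocation are the flags
    # that indicate a revoked certificate or an unreachable CRL/OCSP source.
    foreach ($status in $chain.ChainStatus) {
        Write-Output ("  {0}: {1}" -f $status.Status, $status.StatusInformation.Trim())
    }
}

# Placeholder path; point this at an exported certificate from an issuing CA.
Get-RevocationInfo -Path 'C:\temp\user.cer'
```

A certificate that shows no OCSP entry under Authority Information Access can only be checked by downloading the CRL.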
