[quoted text, click to view] > 1. Is the Windows Enterprise CA the best route? Only domain users will use
> this app.
I should think so, it's cost effective (if you already have a DC or member
server) and client workstations of that domain can easily trust the CA
[quoted text, click to view] > 2. Do I need Windows Enterprise edition or can Standard suffice? I have
> read that I cannot modify the code--signing template without Enterprise....
> does this matter?
not sure on this one mate, anyone else able to comment?!?
[quoted text, click to view] > 3. Is it best to install the CA root on a DC, or non-dc server, and should I
> remove the server from the network for security?
It doesn't need to be a DC, member server is suffice...I'd recommend using a
member server (although I've used DC's in the past, but as always it's best
practice to split roles), also it's best to keep the server in your domain
and it needs to be accessible to verifiy the certificate.
[quoted text, click to view] >
--
The walls between art and engineering exist only in our minds
[quoted text, click to view] "Marc" wrote:
> I have been asked to issue certificates for a .net application (code signing)
> so that the user will not be prompted to authorize the install up updates to
> the app. Specifically, the software is an inhouse app that is installed from
> a website and automatically updates it self when it detects updates upon
> launch.
>
> I have a question or two:
> 1. Is the Windows Enterprise CA the best route? Only domain users will use
> this app.
> 2. Do I need Windows Enterprise edition or can Standard suffice? I have
> read that I cannot modify the code--signing template without Enterprise....
> does this matter?
> 3. Is it best to install the CA root on a DC, or non-dc server, and should I
> remove the server from the network for security?
>
> Thanks in advance for any help
