Can my Enterprise root CA on the same server that my RRAS is on?

[Robbman2000]

I'm setting up a new RRAS server for VPN and intend to use L2TP/IPSec so I need a certificate authority. If the CA is on the same server as the RRAS will it asign itself a certificate? Also would there be any security problems with this configuration?

 

[Ntr0P]

You really shouldn't put your root CA on a publicly available server. The root CA is the one you want to lock up and put in a closet, only taking it out on special occasions. Protect that one.

Functionally it is possible to do what you want, but it defeats the purpose of having your own root CA if it isn't safe.

 

[Robbman2000]

Yes, after doing some reading I finally realized when they said 'offline' enterprise root CA they REALLY meant offline. I think I have the situation in order, thanks for your reply NTrOP