Hi All,
I am expanding an exisiting wired 802.1x deployment which is using certificate based authentication and I was after some advise.
At present, there is a single 2008 Enterprise Root CA issuing certificates to 200 client devices, this will need to expand to 400. I have read in multiple locations that a single Enterprise root CA will be adequate for this deployment if certificates security requirments are not high, as opposed to installing an offline root CA and subordinate CAs, so just for basic authentication purposes. Is this correct?
Am I also right in thinking that NPS holds a local copy of the CRL so authentication can still succeed if the CA is down?
The deployment that I am looking at is multisite so is it advised to have a local NPS at each site with a central NPS as backup?
Thanks