Question about the sentence in bold. What is the meaning behind this comment?
How would you separate the role of the AIA and CDP from a CA subordinate server? I can see where I add a CES and CEP server which has those as well, but I don't completely understand his comment. Because in this second step, (http://technet.microsoft.com/en-us/library/tlg-key-based-renewal.aspx) he shows how to implement CES and CEP.
This is from the guide located at: http://technet.microsoft.com/library/hh831348.aspx
Step 3: Configure APP1 to distribute certificates and CRLs
In the extensions of the root CA, it was stated that the CRL from the root CA would be available via http://www.contoso.com/pki. Currently, there is not a PKI virtual directory on APP1, so one must be created.In a production environment, you would typically separate the issuing CA role from the role of hosting the AIA and CDP.However, this lab combines both in order to reduce the number of resources needed to complete the lab.
Thanks,
James