PKI = Public Key Infrastructure. It's a security method based on a public and private key exchange. It's how HTTPS and most online encryption works.
In an AD network, for any internal TLS connection it makes sense to use an internal Certificate Authority, since Active Directory member computers will implicitly trust anything using certs issued by it. For connections over the internet, a public CA would be a better option.
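The point made in the two posts above (PKI as a chain of trust, and why an internal CA only works for clients that already trust it) can be seen with a tiny private CA. The script below is an added example, not code from anyone in this thread: it builds a self-signed root, issues a server cert from it, and shows that `openssl verify` accepts the cert only when that root is handed to it as a trust anchor, while a client relying on the default (public) trust store rejects it. The CA name, the hostname `intranet.example.local` and the temp directory layout are made up for the demonstration.

```shell
#!/bin/sh
# Added example (not from the thread): a throwaway private CA and one
# server certificate issued by it, verified with and without the CA
# in the trust store. All names and subjects are constructed here.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Create a self-signed root CA key and certificate. This is the role an
# AD-integrated enterprise CA plays; domain members get its cert pushed
# into their trusted roots via Group Policy, which is why they "just trust" it.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=Example Internal Root CA" \
        -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
}

# Generate a server key and CSR, then have the CA sign it into a leaf cert.
issue_leaf() {
    openssl req -newkey rsa:2048 -nodes \
        -subj "/CN=intranet.example.local" \
        -keyout "$WORK/leaf.key" -out "$WORK/leaf.csr" 2>/dev/null
    openssl x509 -req -days 90 -in "$WORK/leaf.csr" \
        -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" -CAcreateserial \
        -out "$WORK/leaf.crt" 2>/dev/null
}

# Verify the leaf with our CA supplied as a trust anchor, i.e. what a
# domain-joined machine does. Exit status 0 means the chain is valid.
verify_with_ca() {
    openssl verify -CAfile "$WORK/ca.crt" "$WORK/leaf.crt"
}

# Verify the leaf against the default trust store only, i.e. what a
# non-domain client or an internet user sees. The internal root is not
# there, so this must fail with "unable to get local issuer certificate".
verify_without_ca() {
    openssl verify "$WORK/leaf.crt"
}

make_ca
issue_leaf
verify_with_ca
verify_without_ca || echo "rejected without the internal CA in the trust store (expected)"
```

Swap the leaf's subject for a public hostname and hand the CSR to a public CA instead, and the second check is the one that starts passing, which is the split the post recommends: internal CA for internal endpoints, public CA for anything reached from the internet.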
At this point, most VPN instances in any business are through an appliance of some kind as opposed to a homebrew solution that you used to see in the past. Once the core config is set, the appliance manages almost everything. Cisco has a pretty good solution, though it comes with a hefty price tag.