4 Remote Microsoft Certificate Authority

MyID supports the use of a Microsoft CA on a remote domain.

To set up a remote Microsoft CA, you must install the MSCAWebService installer on a server on the same domain as the remote Microsoft Certificate Authority servers. This installs a web service on a remote server, with which MyID communicates directly over HTTP or HTTPS, bridging the gap between the domain in which MyID resides and the domain in which the Certificate Authorities reside.

You are recommended to set this service up with two-way SSL.

Note: Currently, support for CNG/KSP requires that the CA is on the same domain as the MyID server; accordingly, you cannot use CNG/KSP with the remote Microsoft CA.