Several Enterprise Certification Authority queries

Hi,

I have 2 Enterprise CAs running on my domain however I'm uncertain which of these is the Root and which is the Subordinate. How can determine this?

Secondly, I'm wanting to create a new Enterprise Root CA on a different server to take over from from my current Root CA (once I find out which one it is). The new CA host will have a different name to the old one. Additionally, the old box will continue to act as a server once CA services are removed i.e. it's not being decommissioned.

I've read the MS article detailing how to migrate a CA to a box with the same name, but this does not apply in my case.

Any advice on how to proceed would be appreciated.

Finally, if I kick-off the CA services installation wizard on the server I intend to be the new Root CA I have to option to choose to create <either> a Root CA or Subordinate CA - I was expecting the former option to be greyed out, as a Root CA already exists on my network. I haven't taken the wizard any further as I want to be better aware of the implications. I've since read confilcting information on the web as to whether multiple Root CAs can exist in the same domain.
Can someone clarify?

Many thanks.

Tim
Eidos_ITAsked:
Who is Participating?
 
PakaConnect With a Mentor Commented:
To determine which is the Enterprise root ca, logon to each CA and open Issued Certificates.  One should have issued a SubCA cert - the one that issued this cert will be your Enterprise root.  It looks like you can have multiple Enterprise root CAs on a domain, but I wouldn't recommend this due to the confusion that arises when you have to troubleshoot CA issues.  I would decomission and reissue certs from the new CA.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.