Solved

Several Enterprise Certification Authority queries

Posted on 2008-06-11
Last Modified: 2012-06-27
Hi,

I have 2 Enterprise CAs running on my domain; however, I'm uncertain which of these is the Root and which is the Subordinate. How can I determine this?

Secondly, I'm wanting to create a new Enterprise Root CA on a different server to take over from my current Root CA (once I find out which one it is). The new CA host will have a different name to the old one. Additionally, the old box will continue to act as a server once CA services are removed, i.e. it's not being decommissioned.

I've read the MS article detailing how to migrate a CA to a box with the same name, but this does not apply in my case.

Any advice on how to proceed would be appreciated.

Finally, if I kick off the CA services installation wizard on the server I intend to be the new Root CA, I have the option to choose to create <either> a Root CA or Subordinate CA - I was expecting the former option to be greyed out, as a Root CA already exists on my network. I haven't taken the wizard any further as I want to be better aware of the implications. I've since read conflicting information on the web as to whether multiple Root CAs can exist in the same domain.
Can someone clarify?

Many thanks.

Tim
Question by:Eidos_IT

Accepted Solution

by:
Paka earned 125 total points
To determine which is the Enterprise root CA, log on to each CA and open Issued Certificates. One should have issued a SubCA cert - the one that issued this cert will be your Enterprise root. It looks like you can have multiple Enterprise root CAs on a domain, but I wouldn't recommend this due to the confusion that arises when you have to troubleshoot CA issues. I would decommission and reissue certs from the new CA.
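
An added example, not part of the original answer: a complementary check that reads each CA's own certificate instead of its Issued Certificates list. A root CA certificate is self-issued (Subject equals Issuer), while a subordinate's Issuer names the CA above it. The function name `Get-CaRole` and the file paths are assumptions, and each certificate is assumed to have been exported on its CA with `certutil -ca.cert <file>`.

```powershell
# Added example. Assumes each CA's own certificate was exported on that CA with:
#   certutil -ca.cert C:\Temp\ca1.cer
# File paths and the function name Get-CaRole are placeholders for illustration.

function Get-CaRole {
    param(
        [Parameter(Mandatory = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )

    # Basic Constraints tells us whether this is a CA certificate at all.
    $basicConstraints = $Certificate.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension] } |
        Select-Object -First 1
    $isCa = [bool]($basicConstraints -and $basicConstraints.CertificateAuthority)

    # Compare the DER-encoded names rather than display strings.
    # -ceq keeps the Base64 comparison case-sensitive.
    $subject = [Convert]::ToBase64String($Certificate.SubjectName.RawData)
    $issuer  = [Convert]::ToBase64String($Certificate.IssuerName.RawData)

    if (-not $isCa) {
        $role = 'Not a CA certificate'
    } elseif ($subject -ceq $issuer) {
        $role = 'Root CA (self-issued)'
    } else {
        $role = 'Subordinate CA'
    }

    [pscustomobject]@{
        Role     = $role
        Subject  = $Certificate.Subject
        IssuedBy = $Certificate.Issuer   # for a subordinate, this names the issuing CA
        NotAfter = $Certificate.NotAfter
    }
}

$caCertFiles = 'C:\Temp\ca1.cer', 'C:\Temp\ca2.cer'   # placeholder paths
foreach ($file in $caCertFiles) {
    if (-not (Test-Path -LiteralPath $file)) {
        Write-Warning "Missing export: $file"
        continue
    }
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $file
    Get-CaRole -Certificate $cert
}
```

If both certificates report as root CAs, the domain has two independent hierarchies rather than a root and a subordinate.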