Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Several Enterprise Certification Authority queries

Posted on 2008-06-11
1
Medium Priority
?
261 Views
Last Modified: 2012-06-27
Hi,

I have 2 Enterprise CAs running on my domain however I'm uncertain which of these is the Root and which is the Subordinate. How can determine this?

Secondly, I'm wanting to create a new Enterprise Root CA on a different server to take over from from my current Root CA (once I find out which one it is). The new CA host will have a different name to the old one. Additionally, the old box will continue to act as a server once CA services are removed i.e. it's not being decommissioned.

I've read the MS article detailing how to migrate a CA to a box with the same name, but this does not apply in my case.

Any advice on how to proceed would be appreciated.

Finally, if I kick-off the CA services installation wizard on the server I intend to be the new Root CA I have to option to choose to create <either> a Root CA or Subordinate CA - I was expecting the former option to be greyed out, as a Root CA already exists on my network. I haven't taken the wizard any further as I want to be better aware of the implications. I've since read confilcting information on the web as to whether multiple Root CAs can exist in the same domain.
Can someone clarify?

Many thanks.

Tim
0
Comment
Question by:Eidos_IT
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 22

Accepted Solution

by:
Paka earned 375 total points
ID: 21772612
To determine which is the Enterprise root ca, logon to each CA and open Issued Certificates.  One should have issued a SubCA cert - the one that issued this cert will be your Enterprise root.  It looks like you can have multiple Enterprise root CAs on a domain, but I wouldn't recommend this due to the confusion that arises when you have to troubleshoot CA issues.  I would decomission and reissue certs from the new CA.
0

Featured Post

10 Questions to Ask when Buying Backup Software

Choosing the right backup solution for your organization can be a daunting task. To make the selection process easier, ask solution providers these 10 key questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

by Batuhan Cetin Within the dynamic life of an IT administrator, we hold many information in our minds like user names, passwords, IDs, phone numbers, incomes, service tags, bills and the order from our wives to buy milk when coming back to home.…
Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
This course is ideal for IT System Administrators working with VMware vSphere and its associated products in their company infrastructure. This course teaches you how to install and maintain this virtualization technology to store data, prevent vuln…
Add bar graphs to Access queries using Unicode block characters. Graphs appear on every record in the color you want. Give life to numbers. Hopes this gives you ideas on visualizing your data in new ways ~ Create a calculated field in a query: …

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question