Solved

Several Enterprise Certification Authority queries

Posted on 2008-06-11
Last Modified: 2012-06-27
Hi,

I have 2 Enterprise CAs running on my domain however I'm uncertain which of these is the Root and which is the Subordinate. How can I determine this?

Secondly, I'm wanting to create a new Enterprise Root CA on a different server to take over from my current Root CA (once I find out which one it is). The new CA host will have a different name to the old one. Additionally, the old box will continue to act as a server once CA services are removed i.e. it's not being decommissioned.

I've read the MS article detailing how to migrate a CA to a box with the same name, but this does not apply in my case.

Any advice on how to proceed would be appreciated.

Finally, if I kick off the CA services installation wizard on the server I intend to be the new Root CA I have the option to choose to create <either> a Root CA or Subordinate CA - I was expecting the former option to be greyed out, as a Root CA already exists on my network. I haven't taken the wizard any further as I want to be better aware of the implications. I've since read conflicting information on the web as to whether multiple Root CAs can exist in the same domain.
Can someone clarify?

Many thanks.

Tim
Question by:Eidos_IT
Accepted Solution

by:
Paka earned 125 total points
ID: 21772612
To determine which is the Enterprise root CA, log on to each CA and open Issued Certificates. One should have issued a SubCA cert - the one that issued this cert will be your Enterprise root. It looks like you can have multiple Enterprise root CAs on a domain, but I wouldn't recommend this due to the confusion that arises when you have to troubleshoot CA issues. I would decommission and reissue certs from the new CA.
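
A scripted cross-check for the approach in the answer above, added here as an example and not part of the original thread: a root CA's own certificate is issued to itself, while a subordinate's certificate names its parent as issuer. The function name `Get-CaRole` and the file paths are assumptions; each CA certificate is assumed to have been exported first with `certutil -ca.cert <file>` on the CA in question.

```powershell
# Added example (not from the thread): classify exported CA certificates.
# Assumption: each CA's own certificate was exported on that CA, e.g.
#   certutil -ca.cert C:\temp\ca1.cer
# The paths used at the bottom are placeholders.

function Get-CaRole {
    param([Parameter(Mandatory)][string]$Path)

    $full = (Resolve-Path -LiteralPath $Path).Path
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $full

    # Compare the DER-encoded names rather than the display strings,
    # so formatting differences cannot produce a false match.
    $subject = [Convert]::ToBase64String($cert.SubjectName.RawData)
    $issuer  = [Convert]::ToBase64String($cert.IssuerName.RawData)
    $selfIssued = ($subject -eq $issuer)

    # A CA certificate carries Basic Constraints with the CA flag set.
    $bc = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
    }
    $isCa = [bool]($bc -and $bc.CertificateAuthority)

    if (-not $isCa)      { $role = 'Not a CA certificate' }
    elseif ($selfIssued) { $role = 'Root (issued to itself)' }
    else                 { $role = 'Subordinate' }

    [pscustomobject]@{
        File       = $full
        Subject    = $cert.Subject
        Issuer     = $cert.Issuer
        Role       = $role
        NotAfter   = $cert.NotAfter
        Thumbprint = $cert.Thumbprint
    }
}

# Placeholder paths; files that do not exist are skipped.
'C:\temp\ca1.cer', 'C:\temp\ca2.cer' |
    Where-Object { Test-Path -LiteralPath $_ } |
    ForEach-Object { Get-CaRole -Path $_ } |
    Format-List
```

If both certificates report `Root`, the two CAs are independent roots; if one reports `Subordinate`, its `Issuer` field should match the `Subject` of the other.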


Question has a verified solution.
