Multiple domain Certificate Authority

Posted on 2009-02-16
Last Modified: 2012-05-06
My job requires me to build a Certificate Authority infrastructure for our project. It will be a Microsoft Certificate Authority. This is a foreign infrastructure, so it has 5 different domains. They are: asia, europe, south america, africa and north america. Each of these domains has its own domain name space. For example:,

Do I have to build 5 different Certificate Authorities for these 5 domains? Or can I just build one infrastructure for all 5 domains?

Question by:dongocdung

    Assisted Solution

    Sounds like a fun project! The answer is: it depends. Are you running all these domains in the same forest or are they different forests? Are you going to run your CA as an Enterprise Root CA or a Standalone CA? What are you going to use your CA(s) for (i.e. PKI, SmartCard Logon, Web Authentication, etc.)?

    Author Comment

    All of these domains are in the same forest.
    The CA is running as an Enterprise Root CA
    The CA is used for smartcard logon, machine cert and VPN.

    Accepted Solution

    You can get by with a single Enterprise Root CA.  However, best practice is to create a couple Enterprise Subordinates (for fault tolerance) to issue the certs and to take the Enterprise Root offline (for security purposes).

    How big of an enterprise will you be serving?
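
The layout recommended in the accepted solution (one Enterprise Root, two Enterprise Subordinate issuing CAs for the single forest) can be sketched in PowerShell as follows. This is an added example, not code from the thread: it assumes Windows Server 2012 or later with the ADCSDeployment cmdlets, and every host name and CA name in it is hypothetical.

```powershell
# Added example. Run elevated on each server that will become an issuing CA,
# as an Enterprise Admin of the forest. All names below are hypothetical.
$ErrorActionPreference = 'Stop'

# Parent CA in "<host>\<CA common name>" form (assumed value).
$ParentCA = 'rootca01.corp.example\Example Enterprise Root CA'

# Two issuing CAs for fault tolerance: host name -> CA common name (assumed values).
$IssuingCAs = @{
    'SUBCA01' = 'Example Issuing CA 1'
    'SUBCA02' = 'Example Issuing CA 2'
}

$caName = $IssuingCAs[$env:COMPUTERNAME]
if (-not $caName) {
    throw "Host $env:COMPUTERNAME is not listed as an issuing CA; refusing to install."
}

# 1. Install the AD CS role binaries and management tools.
Install-WindowsFeature -Name ADCS-Cert-Authority -IncludeManagementTools | Out-Null

# 2. Configure this host as an Enterprise Subordinate CA under the root.
#    The key is generated locally; only the request goes to the parent CA.
Install-AdcsCertificationAuthority `
    -CAType EnterpriseSubordinateCa `
    -ParentCA $ParentCA `
    -CACommonName $caName `
    -CryptoProviderName 'RSA#Microsoft Software Key Storage Provider' `
    -KeyLength 4096 `
    -HashAlgorithmName SHA256 `
    -Force

# 3. Confirm the CA service is up and answering before relying on it.
$svc = Get-Service -Name CertSvc
if ($svc.Status -ne 'Running') {
    throw "CertSvc is $($svc.Status); the subordinate CA certificate may still be pending at the parent."
}
certutil -config "$env:COMPUTERNAME\$caName" -ping
if ($LASTEXITCODE -ne 0) {
    throw "Issuing CA '$caName' did not answer certutil -ping."
}

# 4. Only after BOTH issuing CAs pass step 3: on the root, publish a fresh CRL
#    (certutil -crl), then stop CertSvc and shut the root down.
```

The root's CRL has to stay valid and reachable while the root is powered off, because clients check it when validating the subordinate CA certificates.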
