Solved

Certificates from Enterprise Root CA from parent domain to clients in child domain.

Posted on 2010-08-25
2
1,204 Views
Last Modified: 2012-05-10
Can we issue certificates from Enterprise Root CA which is in parent domain to clients in child domain?

Currently, we have Enterprise Root CA installed in child domain xyz.abc.com. We want to remove this CA and set up a CA in the parent domain abc.com to issue certificates for both parent and child domain.

What is the best practice?

0
Comment
Question by:imranrft
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 19

Accepted Solution

by:
CoccoBill earned 250 total points
ID: 33531701
It is possible yes (http://support.microsoft.com/kb/281271), but from a security and flexibility standpoint I would probably install an offline Root CA in the forest root domain, and a subordinate issuing CA in the child domain.

http://technet.microsoft.com/en-us/library/cc737834%28WS.10%29.aspx
0
 

Author Closing Comment

by:imranrft
ID: 33548926
Thanks man!!
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question