Solved

Certificates from Enterprise Root CA from parent domain to clients in child domain.

Posted on 2010-08-25
2
1,191 Views
Last Modified: 2012-05-10
Can we issue certificates from Enterprise Root CA which is in parent domain to clients in child domain?

Currently, we have Enterprise Root CA installed in child domain xyz.abc.com. We want to remove this CA and set up a CA in the parent domain abc.com to issue certificates for both parent and child domain.

What is the best practice?

0
Comment
Question by:imranrft
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 19

Accepted Solution

by:
CoccoBill earned 250 total points
ID: 33531701
It is possible yes (http://support.microsoft.com/kb/281271), but from a security and flexibility standpoint I would probably install an offline Root CA in the forest root domain, and a subordinate issuing CA in the child domain.

http://technet.microsoft.com/en-us/library/cc737834%28WS.10%29.aspx
0
 

Author Closing Comment

by:imranrft
ID: 33548926
Thanks man!!
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question