?
Solved

Certificates from Enterprise Root CA from parent domain to clients in child domain.

Posted on 2010-08-25
2
Medium Priority
?
1,224 Views
Last Modified: 2012-05-10
Can we issue certificates from Enterprise Root CA which is in parent domain to clients in child domain?

Currently, we have Enterprise Root CA installed in child domain xyz.abc.com. We want to remove this CA and set up a CA in the parent domain abc.com to issue certificates for both parent and child domain.

What is the best practice?

0
Comment
Question by:imranrft
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 19

Accepted Solution

by:
CoccoBill earned 1000 total points
ID: 33531701
It is possible yes (http://support.microsoft.com/kb/281271), but from a security and flexibility standpoint I would probably install an offline Root CA in the forest root domain, and a subordinate issuing CA in the child domain.

http://technet.microsoft.com/en-us/library/cc737834%28WS.10%29.aspx
0
 

Author Closing Comment

by:imranrft
ID: 33548926
Thanks man!!
0

Featured Post

New benefit for Premium Members - Upgrade now!

Ready to get started with anonymous questions today? It's easy! Learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question