patricktam
Microsoft Certificate Server Database Replication
Our company has two Microsoft Certificate Servers on two different sites. They are both installed on MS-Server 2012 R2 servers and joined to the same AD domain. It is important and essential that the two Certificate Server databases' content be synchronized with each other.
As I am new to Certificate Server, I would like to know whether the two Certificate Server databases' content (including the CRL - Cert Revocation List) will be replicated and synced with each other through the AD replication process, or whether another method needs to be implemented?
Is there a way to shorten the replication time for the two Certificate Servers?
Appreciate your advice in advance.
Regards
Patrick Tam
ASKER
Thanks guy for giving me some insight.
ASKER
Good hints for my further investigation and testing.
You should have an offline root CA and import the root CA certificate via Group Policy to all computers. You should use a request from each issuing CA to the root CA for a certificate, issue these two certs, remember which one goes to which machine, and install them. Now these issuing CAs can issue certs without a problem. Point the CRLs and AIAs to the same web location, i.e. pki.example.com.
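One way to carry out the last step of the answer above (a shared CRL and AIA location) on each issuing CA, as an added example that is not part of the original thread. The `/CertEnroll` virtual directory, the `\\pki.example.com\CertEnroll` share, the HTTP-only design and the test certificate path are assumptions; only `pki.example.com` comes from the answer.

```powershell
# Added example: run in an elevated PowerShell session on EACH issuing CA.
# Assumed (hypothetical) names: the /CertEnroll virtual directory, the
# \\pki.example.com\CertEnroll share and the test certificate path below.
Import-Module ADCSAdministration

$base  = 'http://pki.example.com/CertEnroll'      # shared web location
$share = 'file://\\pki.example.com\CertEnroll'    # assumed share behind that site

# --- CRL distribution points (CDP) ---------------------------------------
# Drop the default network entries (ldap://, http://<server>, file://) and
# keep the local path the CA uses to write its own CRL file.
Get-CACrlDistributionPoint |
    Where-Object { $_.Uri -match '^(http|ldap|file)://' } |
    ForEach-Object { Remove-CACrlDistributionPoint -Uri $_.Uri -Force }

# URL written into every certificate this CA issues from now on.
Add-CACrlDistributionPoint -Uri "$base/<CAName><CRLNameSuffix><DeltaCRLAllowed>.crl" `
    -AddToCertificateCdp -Force

# Have the CA copy base and delta CRLs to the web server's share on each publish.
Add-CACrlDistributionPoint -Uri "$share\<CAName><CRLNameSuffix><DeltaCRLAllowed>.crl" `
    -PublishToServer -PublishDeltaToServer -Force

# --- Authority Information Access (AIA) ----------------------------------
Get-CAAuthorityInformationAccess |
    Where-Object { $_.Uri -match '^(http|ldap|file)://' } |
    ForEach-Object { Remove-CAAuthorityInformationAccess -Uri $_.Uri -Force }

Add-CAAuthorityInformationAccess -Uri "$base/<ServerDNSName>_<CAName><CertificateName>.crt" `
    -AddToCertificateAia -Force
# The CA certificate (.crt) itself is not published automatically: copy it
# from C:\Windows\System32\CertSrv\CertEnroll to the share by hand.

# --- Apply and check ------------------------------------------------------
Restart-Service certsvc      # the new extensions take effect after a restart
certutil -crl                # publish a fresh CRL to the configured locations

# Issue a test certificate from this CA, export it, then confirm that the
# chain builds and that every CDP/AIA URL can be retrieved:
certutil -verify -urlfetch C:\temp\test-cert.cer
```

Each issuing CA publishes its CRL and CA certificate under file names derived from its own CA name, so both CAs can share one directory without overwriting each other. Certificates issued before the change keep their old CDP and AIA URLs until they are renewed.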