Solved

How do I configure a Windows 2008 R2 Subordinate Certificate Server ?

Posted on 2014-09-17
5
250 Views
Last Modified: 2014-09-19
Hi everyone,

I am in the process of implementing a PKI environment. I have configured and created a CA root server.  I need this to be a 3 tier PKI infrastructure.  How do I create a subordinate server ? Do I export the root CA certificate and import it in to the subordinate server ?  I have read many articles but its just confusing...information overload.
0
Comment
Question by:CaussyR
  • 2
  • 2
5 Comments
 
LVL 78

Expert Comment

by:David Johnson, CD, MVP
ID: 40330161
that is correct you also have to create and enable a certificate request from the subordinate CA to the root ca and authorize the request and from the root ca export the certificate.  also you should create a group policy that adds the root certificate to the trusted root certificate store on all of the machines.

you can now shutdown the root certificate server.  the root ca should not be domain joined. preferably in a virtual machine.
0
 

Author Comment

by:CaussyR
ID: 40331363
Thanks David.

I have been looking for step-by-step instructions to build an offline intermediate server but can not find anything.  Please, could you let me know how to build an offline intermediate server ?

I have seen some documentation but this discusses running the certutil command line etc - is this required to run an offline intermediary server ?
0
 
LVL 22

Accepted Solution

by:
yo_bee earned 500 total points
ID: 40331727
0
 

Author Closing Comment

by:CaussyR
ID: 40331991
Thank you for all your help, great articles.
0
 
LVL 22

Expert Comment

by:yo_bee
ID: 40332305
NP.
I have the two tier setup in my environment as followed by the articles.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Normally after a failure of Domain Controller, when promoting new DC the DC is renamed, we will discuss the options in Dcpromo to re-create the DC with the same name. Scenario: You are a small IT shop with two Domain Controllers (Domain Contr…
We recently had an issue where out of nowhere, end users started indicating that their logins to our terminal server were just showing a "blank screen." After checking the usual suspects -- profiles, shell=explorer.exe in the registry, userinit.exe,…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now