Solved

How do I configure a Windows 2008 R2 Subordinate Certificate Server?

Posted on 2014-09-17
Last Modified: 2014-09-19
Hi everyone,

I am in the process of implementing a PKI environment. I have configured and created a CA root server. I need this to be a 3 tier PKI infrastructure. How do I create a subordinate server? Do I export the root CA certificate and import it into the subordinate server? I have read many articles but it's just confusing...information overload.
Question by:CaussyR

Expert Comment

by:David Johnson, CD, MVP
ID: 40330161
That is correct. You also have to create and enable a certificate request from the subordinate CA to the root CA, authorize the request, and from the root CA export the certificate. Also, you should create a group policy that adds the root certificate to the trusted root certificate store on all of the machines.

You can now shut down the root certificate server. The root CA should not be domain joined. Preferably in a virtual machine.
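
The request, authorize and export sequence described in the comment above, sketched with the built-in `certreq` and `certutil` tools. This is an added example, not part of the original thread; the CA name, server name, file paths and request ID are placeholder assumptions.

```powershell
# Added example, not from the thread. All names, paths and IDs are placeholders.
$RootConfig = 'ROOTCA01\Example Root CA'   # <root server name>\<root CA common name>
$Transfer   = 'E:\transfer'                # removable media carried between the servers

# --- On the subordinate CA ---------------------------------------------------
# When the AD CS role is installed as a subordinate CA and the parent is not
# reachable, the setup wizard can save the certificate request to a file.
# The source path below is an assumption; use the path chosen in the wizard.
Copy-Item 'C:\subca.req' "$Transfer\subca.req"

# --- On the offline root CA --------------------------------------------------
# Submit the subordinate's request. A standalone CA marks it pending by
# default and prints a RequestId.
certreq -submit -config $RootConfig "$Transfer\subca.req"

# Authorize (issue) the pending request using the RequestId printed above.
$RequestId = 2                             # constructed value
certutil -resubmit $RequestId

# Export the issued subordinate CA certificate and the root CA's certificate.
certreq -retrieve -config $RootConfig $RequestId "$Transfer\subca.cer"
certutil -ca.cert "$Transfer\rootca.cer"

# --- Back on the subordinate CA ----------------------------------------------
# Trust the root locally, install the issued CA certificate, start the service.
certutil -addstore -f Root "$Transfer\rootca.cer"
certutil -installcert "$Transfer\subca.cer"
Start-Service certsvc

# --- Domain-wide trust -------------------------------------------------------
# Import rootca.cer into a Group Policy object under Computer Configuration >
# Policies > Windows Settings > Security Settings > Public Key Policies >
# Trusted Root Certification Authorities.
```

The subordinate CA service checks revocation of its own certificate when it starts, so the root CA's CRL has to be published somewhere the subordinate can reach before the root is shut down.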

Author Comment

by:CaussyR
ID: 40331363
Thanks David.

I have been looking for step-by-step instructions to build an offline intermediate server but cannot find anything. Please, could you let me know how to build an offline intermediate server?

I have seen some documentation but this discusses running the certutil command line etc. - is this required to run an offline intermediary server?

Accepted Solution

by:
yo_bee earned 2000 total points
ID: 40331727

Author Closing Comment

by:CaussyR
ID: 40331991
Thank you for all your help, great articles.

Expert Comment

by:yo_bee
ID: 40332305
NP.
I have the two-tier setup in my environment as followed by the articles.