Solved

Certificate Services

Posted on 2014-10-18
3
153 Views
Last Modified: 2014-10-18
Hi All

I'm setting up Certificate Services for internal use in our AD domain which has a parent / child domain structure. The parent domain contains only DC accounts. All clients and users are housed in the child domain. I have built an offline root CA without issue following a TechNet guide. The next thing I need to do is build the subordinate CA to issue the certificates - no issues with doing this but where do I place it ? Should it be in the parent domain or should it be in the child domain or do I need to build two subordinate CAs one in each domain ? Your advice will be greatly appreciated !
0
Comment
Question by:Karmez
  • 2
3 Comments
 
LVL 19

Accepted Solution

by:
Peter Hutchison earned 500 total points
ID: 40388645
It depends whether you want certificates for users or certificates for servers. If both then you need seperate CAs for each domain.
0
 

Author Comment

by:Karmez
ID: 40388658
Thanks Peter - I am going to need both so I will put subordinates in each domain.
0
 

Author Closing Comment

by:Karmez
ID: 40388660
Amazing how fast I got the answer I needed - thanks Peter
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How do we balance the user experience (UX) with reasonable security measures? It can be done, if you keep these fundamentals in mind.
February 24, 2017 — On February 23, Travis Ormandy, a vulnerability researcher at Google, reported on Twitter (https://twitter.com/taviso/status/834900838837411840) that massive stores of data have been leaked by CloudFlare, a company that provide…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question