Marc PETIT
asked on
PKI MIGRAITON windows 2012 server SHA1 TO SHA2 ?
Hi evyrone
I am I'm in the process migration PKI SHA TO sha2 : so i decided to creating a new infrastructure, with new root certificate - and re-issue all certificates.
I need your help My architecture PKI is composed of TWO Tier :
1- Macklamore-root-ca: root certificate CA AUTHORITY offline standalone
Domaine: local \Adminsecu this Vm will be off (should be switched on for updates to the certificate revocation list)
address some network
2-Web sense-sub CA is a standalone SubCA signed by MaklamoreRoot CA. This CA is used by WebSense appliances to inspect proxy traffic. This SubCA does not provide any certificate.
domaine \apnet
address some network
i access for this 2 machine in RDP
so my question is how to publish certificate revocation list and AIA ? but the two machine is in different domain ?
Thank you for advance
I am I'm in the process migration PKI SHA TO sha2 : so i decided to creating a new infrastructure, with new root certificate - and re-issue all certificates.
I need your help My architecture PKI is composed of TWO Tier :
1- Macklamore-root-ca: root certificate CA AUTHORITY offline standalone
Domaine: local \Adminsecu this Vm will be off (should be switched on for updates to the certificate revocation list)
address some network
2-Web sense-sub CA is a standalone SubCA signed by MaklamoreRoot CA. This CA is used by WebSense appliances to inspect proxy traffic. This SubCA does not provide any certificate.
domaine \apnet
address some network
i access for this 2 machine in RDP
so my question is how to publish certificate revocation list and AIA ? but the two machine is in different domain ?
Thank you for advance
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
and the SubCA is in computer-domain?
For AIA and CRL - just use HTTP publishing - https://blogs.technet.microsoft.com/enterprisemobility/2009/05/01/how-to-publish-the-crl-on-a-separate-web-server/