Re: Issuing CA - Common Name?
- From: Neil <Neil@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 16 Jul 2008 21:42:08 -0700
Hi
the reason why it must have a different common name is because being an
enterprise CA it publishes certain information to Active Directory. If 2
enterprise CAs had the same common name then there would be 2 machines trying
to publish the same data.
The easiest way to find the data I am talking about it to start 'Active
Directory Sites and Services'
Click to high-light Active Directory Sites and Services[FQDN of domain
controller]
Click View > Show Services Node
Now expand Services
Expand 'Public Key Services'
Look in the AIA, CDP, Enrollment Services folders for Enterprise CA info.
"BillL" wrote:
On Jun 23, 5:11 pm, Paul Adare <pkad...@xxxxxxxxx> wrote:.
On Mon, 23 Jun 2008 13:44:42 -0700 (PDT), BillL wrote:
Our MS PKI environment currently includes 1 offline root CA and 1
online enterprise issuing CA. We want to add a 2nd enterprise issuing
CA for redundancy. I believe that this 2nd issuing CA should have a
different Common Name than the 1st issuing CA. It's not clear from
the documentation that I have looked at. Is this a correct
assumption?
It _must_ have a different common name.
--
Paul Adarehttp://www.identit.ca
Programmers do it bit by bit.
Thanks Paul.
- Prev by Date: Re: Biometrics
- Next by Date: Use of Kerberos unreliable, can I force it?
- Previous by thread: Re: corrupted profiles and much more
- Next by thread: Use of Kerberos unreliable, can I force it?
- Index(es):
Relevant Pages
|
