Transition from a single enterprise CA to a tiered CA
- From: "Michael D'Angelo" <nospamnmdange@xxxxxxxxxxxxxxx>
- Date: Thu, 3 May 2007 12:38:57 -0400
We currently have a single Enterprise Certificate Authority installed on a
domain controller. After reading about best practices, I gather that this
is not really the right way to do it. (Plus I do not like being stuck with
this DC, if we needed to rebuild or remove it.)
I would like to set up an offline standalone root along with one or two
subordinate enterprise CAs. (For the number of certificates we use, I don't
think I need a 3-tier configuration.)
I don't see re-issuing the current certificates by hand to be a problem, but
once the new subordinate enterprise CA is up and running, how can I prevent
new auto-enrolled certificates from using the old CA before I've finished
moving everything? I'm not sure how long decommissioning the old one will
take, and if there is a way to be sure new certificates use the server, that
would help in the transition.
.
- Prev by Date: Re: do allowed perrmisions override denyed permissions?
- Next by Date: Re: do allowed perrmisions override denyed permissions?
- Previous by thread: Re: Windows 2003 Pre-authentication failed
- Next by thread: Windows service denied access to mapped drive
- Index(es):
Relevant Pages
|
