CA certificate renewal - three level PKI structure



Hi,

My organisation has an Enterprise CA in the AD domain. Its certificate will
expire within 1 year from now, so we need to renew it. It is the "lowest" CA
in a three-level PKI structure (the higher-level Root and Sub are standalone CAs).
The renewal event is an occasion to simplify our PKI structure. We don't
really need two higher-level CAs; two levels should be enough. The best
solution is to recertify the Enterprise CA with the Root CA, not the Sub CA as
was done before. Has anyone done this before? Is there any danger that PKI
services in the domain will fail and become unusable?

Thank you.

Martin.


