Demote Root CA to subordinate - lose existing certs?
- From: CH <CH@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 26 Feb 2008 20:28:00 -0800
With my limited understanding of Certificate Services (until now - hopefully
I'm learning!), I realize that sometime in the past I have created multiple
Enterprise Root CAs in the organisation. I have now read that this is OK,
but not desirable.
I'd like now to demote one rootCA back to an Ent Subordinate CA and retain a
single RootCA, and I'm guessing this is going to involve uninstalling CertSvc
and reinstalling on the machine being "demoted".
My big concern is the existing certs that have already been issued by that
CA - apart from it's own, it has issued Dom Controller certs for another 4
DCs.
How best can I handle this?
Can I uninstall/reinstall CertSvc without affecting the DCs who have certs
issued by this machine?
Any help would be much appreciated,
Cam
.
- Follow-Ups:
- Re: Demote Root CA to subordinate - lose existing certs?
- From: Brian Komar \(MVP\)
- Re: Demote Root CA to subordinate - lose existing certs?
- Prev by Date: Re: Strong passwords and user locking?
- Next by Date: Re: Demote Root CA to subordinate - lose existing certs?
- Previous by thread: {permissions} How should I do this?
- Next by thread: Re: Demote Root CA to subordinate - lose existing certs?
- Index(es):
Relevant Pages
|
