Which certificate do I have to deploy? Root CA or Subordinate CA certificate?
- From: Pascal <pascal_t@xxxxxxxxxxxxxxxxxx>
- Date: Wed, 26 Mar 2008 11:20:10 +0100
Hi,
we are planning to deploy a certificate hierarchy.
First, we will have a Root CA (standalone Offline) and a subordinate CA (enterprise online integrated to AD).
My question is: which certificate should I deploy to my computers' Trusted Root Certification Authorities store? The Root CA or the Subordinate CA?
I have read on the Microsoft website that it should be the Root CA certificate (and not the Subordinate CA), but I don't understand why!
Indeed, imagine that in the future we decide to install a new subordinate Enterprise CA (child of the Root CA, so a brother of the first subordinate CA) for a newly acquired company.
If we have installed the Root CA in our domain member computers, then they will trust every certificate delivered by the new subordinate Enterprise CA, am I right?
This is not very nice as the new sub enterprise CA is not defined to trust computers for the "whole company" but just for the newly acquired company.
Could you please tell me what you think about that?
Thanks
--
Pascal