Sigh....
You cannot estabish trust at a subordinate CA.
End of story.
I understand what you are asking, and this is not how PKI works
Please read the whitepaper referenced earlier before asking any more
questions on this
Brian
Yes I agree with you and perhaps you dont understand my question as I dont
have a fluent english.
I have understood too that if I install the Root CA cert, I will trust
every subordinate CA even if I dont have their certificates installed.
But my question is "why does Microsoft recommend to install the root CA and
not only the subordinate CA on client computers as if just the subordinate
CA is installed on them, then ONLY certificates delivered by this
subordinate will be trusted.
However, if we install the root CA certificate on computer, EVERY
certicates by EVERY CA subordinate will be trusted
Do you understand my question ?
Thanks
Best bet is for your to read the certificate revocation and status
checking
Re: Which certificate do I have to deploy ? Root CA or Subordinate CA certificate ? ... I have understood too that if I install the Root CA cert, I will trust... every subordinate CA even if I dont have their certificates installed. ... But my question is "why does Microsoft recommend to install the root CA ... (microsoft.public.windows.server.security)
Re: Smart cards deployment ... -If you install a subordinate CA that means that you'll need a Root CA or ... another subordinate CA, etc... ... -The CA deployment needs to be planned carefully. ... I have win 2003 server based domain. ... (microsoft.public.windows.server.active_directory)
Re: OWA and SSL - Confused... ... Can I install the root & subordinate on the same server?? ... > deployment, you'd install a root, which would be highly secure, and likely ... (microsoft.public.inetserver.iis.security)
Re: Which certificate do I have to deploy ? Root CA or Subordinate CA certificate ? ... Yes I agree with you and perhaps you dont understand my question as I dont have a fluent english. ... But my question is "why does Microsoft recommend to install the root CA and not only the subordinate CA on client computers as if just the subordinate CA is installed on them, then ONLY certificates delivered by this subordinate will be trusted. ... (microsoft.public.windows.server.security)
Re: Which certificate do I have to deploy ? Root CA or Subordinate CA certificate ? ... You cannot estabish trust at a subordinate CA. ... I have understood too that if I install the Root CA cert, I will trust every subordinate CA even if I dont have their certificates installed. ... But my question is "why does Microsoft recommend to install the root CA and not only the subordinate CA on client computers as if just the subordinate CA is installed on them, then ONLY certificates delivered by this subordinate will be trusted. ... (microsoft.public.windows.server.security)
