Re: Obtaining Enterprise subordinate CA certificate from a a stanalone root CA

From: Edward W. Ray $502974$ (homeboy_at_greekgod.net)
Date: 05/08/04

Next message: Chris Griffin: "Unable to Ping Domain"
Previous message: Chriss3: "Re: Please Help (Domain Issue)"
In reply to: Al Mulnick: "Re: Obtaining Enterprise subordinate CA certificate from a a stanalone root CA"
Next in thread: Marin Marinov: "Re: Obtaining Enterprise subordinate CA certificate from a a stanalone root CA"
Messages sorted by: [ date ] [ thread ]

Date: Sat, 8 May 2004 16:34:59 -0700

Actually, it is strange NOT to have a stand-alone root CA When building a
CA hierarchy using Windows Server 2003 PKI, you should use standalone CAs
for the root and intermediate (every non-issuing CA). This will facilitate
taking these CAs offline. The issuing CAs should can be enterprise CAs.

Having standalone and enterprise subordinate CAs also helps in heterogeneous
environments. I run both Windows and Linux clients and servers, both inside
and outside my AD domain.

"Al Mulnick" <amulnick_No_SPAM@ncDOTrr.com> wrote in message
news:#D1Hr#JNEHA.3668@TK2MSFTNGP11.phx.gbl...
> IIRC, you need to issue the cert as a PKCS #10 file and then copy it over
to
> the Enterprise CA. Seems kind of a strange configuration to have the root
> CA as a standalone and the rest integrated. But...
>
>
>
> "Edward W. Ray (502974)" <homeboy@greekgod.net> wrote in message
> news:OoY4$CHNEHA.268@TK2MSFTNGP11.phx.gbl...
> > I have just added an Enterprise subordinate CA to my AD domain, which
> > already had a standalone root CA. I have issued the enterprise
> subordinate
> > certificate on the standalone root CA. How do I export this certificate
> to
> > my Enterprise subordinate CA so that I may enable it?
> >
> > Edward W. Ray
> >
> >
>
>

Next message: Chris Griffin: "Unable to Ping Domain"
Previous message: Chriss3: "Re: Please Help (Domain Issue)"
In reply to: Al Mulnick: "Re: Obtaining Enterprise subordinate CA certificate from a a stanalone root CA"
Next in thread: Marin Marinov: "Re: Obtaining Enterprise subordinate CA certificate from a a stanalone root CA"
Messages sorted by: [ date ] [ thread ]

Relevant Pages

Re: Root certificate authority no longer added to client machines
... We have a standalone RootCA, ... Windows Server 2003 then you should be publishing the root ... certificate of the CA is added automatically to the Trusted Root ...
(microsoft.public.security)
Re: Enterprise Root CA Install
... Thank you for your input regarding the offline CA. ... I tested the concept of creating a "standalone ... root CA" based on a Technet article entitled "Deploying ... an "Enterprise subordinate CA" installation. ...
(microsoft.public.win2000.security)
Re: SSL Bridging Konfigurieren
... Nur alleine eine Sub oder Intermediate zu verwenden bringt dir ersteinmal ... > die eigene CAs aufgebaut haben und Scip den Content jetzt checken muss. ... konfigurierbaren Speicher für die vertrauten Root CAs verwenden? ...
(microsoft.public.de.german.isaserver)
Re: securing system after giving away root password
... >>root kited system is the way everyting has ever been. ... including sudo logs sent to a totally different server. ... but only sudo and an end user password. ... Since the person had to log in as a user the command to go to standalone is ...
(comp.os.linux.security)
Re: using the Root function with Algebraic and RPL
... Here's how to pacify the HP49/50 series' CAS: ... Now you can both graph _and_ numerically solve (ROOT, ISECT). ...
(comp.sys.hp48)