Re: Difference between Certificate Authorities

Tech-Archive recommends: Speed Up your PC by fixing your registry

Hell,

thanks for your reply.

I got your point but my main concern is:

If my Enterprise Root is crashed then certificate issue by Enterprise root
CA will be served by Enterprise Sub Ordinate CA.


Regards
Neeraj Mehra





"Jorge Silva" <jorgesilva_pt@xxxxxxxxxxx> wrote in message
news:697E4AE8-BF62-446A-90B6-CDD3C6F22904@xxxxxxxxxxxxxxxx
Hi
- A Root CA is the first CA to be created and has NO CA above.
- Enterprise CA is a CA that is in an AD Domain and provides unique
features (like auto enrollment) to that forest/domain.

You're comparing 2 distinct things.
- Enterprise CAs Vs Standalone CAs - (the first one is in a domain and
published in your AD, the second one may be in a domain or not but is not
published in your Active Directory domain and does not provide auto
enrollment)

- Root CAs Vs Subordinate Vs Issuing CAs. Root CAs are in the top of the
hierarchy, bellow that CA you can have a hierarchal structure of many
subordinate/issuing CAs that perform specific certificate related jobs.

For instance you could have a hierarchy like this:

Standalone Root CA -> Standalone Subordinate CA -> Enterprise Issuing CA.

The first CA is in a workgroup, the second CA is in a Workgroup the third
CA is in your domain. Of course the 1 and 2 CA could be in your domain as
well, but only the Enterprise CA can perform auto enrollment for your
users/computers that belong to the domain where the Enterprise CA is at.



--
I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MVP Directory Services
"Neeraj Mehra" <mehra.neeraj@xxxxxxxxxxx> wrote in message
news:ue$Ff1SEKHA.3556@xxxxxxxxxxxxxxxxxxxxxxx
Hello,

What is difference between Enterprise Root CA and Enterprise Sub ordinate
CA.

Regards
Neeraj Mehra




.

Relevant Pages

  • Re: EFS and Certificate Services
    ... > I created a Enterprise Root CA with a Enterprise Subordinate CA for issuing ... An Enterprise Root CA computer cannot be offline. ... I check the thumbprint of the file and the certificate which matched. ... The best practice is to issue the certificates *before* any encryption ...
    (microsoft.public.win2000.security)
  • Re: Difference between Certificate Authorities
    ... If your CA crashes, your main concern should be recover that CA, for that to happen you need a good backup plan strategy. ... If my Enterprise Root is crashed then certificate issue by Enterprise root CA will be served by Enterprise Sub Ordinate CA. ... Enterprise CAs Vs Standalone CAs - (the first one is in a domain and published in your AD, the second one may be in a domain or not but is not ...
    (microsoft.public.windows.server.active_directory)
  • Re: Certificate Authority type
    ... documented infrastructure and precedures around that - one cannot trust PKI ... I installed> a enterprise root and enterprise subordinate in my lab and it does not show> the enterprise subordinate in S&S. ...
    (microsoft.public.security)
  • Re: Enterprise Root CA change
    ... If you want to replace your existing Enterprise CA to a new computer you can ... CA to a new computer by backing up the existing CA keys, certificate ... I would like to setup a new Win2k3 enterprise root ...
    (microsoft.public.windows.server.security)
  • Re: CA Stand Alone Root vs Enterprise Root
    ... for greater security - it should be offline on a member server not joined to ... should it be configured for AD or just a member server? ... >> An enterprise CA must stay online. ... >>> vreate an Enterprise Root CA and then install a subordinate CA, ...
    (microsoft.public.win2000.security)