Posted by Michael D'Angelo on May 3, 2007, 12:38 pm
We currently have a single Enterprise Certificate Authority installed on a
domain controller. After reading about best practices, I gather that this
is not really the right way to do it. (Plus I do not like being stuck with
this DC, if we needed to rebuild or remove it.)
I would like to set up an offline standalone root along with one or two
subordinate enterprise CAs. (For the number of certificates we use, I don't
think I need a 3-tier configuration.)
I don't see re-issuing the current certificates by hand to be a problem, but
once the new subordinate enterprise CA is up and running, how can I prevent
new auto-enrolled certificates from using the old CA before I've finished
moving everything? I'm not sure how long decommissioning the old one will
take, and if there is a way to be sure new certificates use the server, that
would help in the transition.