Click here to get back home

Two Enterprise CAs?
 HomeNewsGroups | Search | About
Login Password
Register Now!
 microsoft.public.windows.server.security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
Two Enterprise CAs? withawhye-ng 06-27-2007
Posted by withawhye-ng on June 27, 2007, 11:18 am
Please log in for more thread options
 Hello All,

I upgraded our Enterprise CA from Windows 2000 CA to Windows 2003
Standard and it now refuses to issue certificates. Is it possible to
set up another CA on a 2003 Enterprise box and have them online at the
same time? While I can't find documentation that recommends having
two CAs, I can't find anywhere that warns against it either.

Ideally, the new CA would start issuing certs, which would eventually
allow us to take the original box offline eventually. Oh, the 2003
Enterprise box is already in production, so renaming it isn't an
option.

Any insight or proposed soultions would be much appreciated.

Cheers,
Brent


Posted by Brian Komar on July 24, 2007, 8:35 am
Please log in for more thread options
 There is nothing that stops you from putting two enterprise CAs on the
network.
But....
You cannot take an existing enterprise CA offline without converting it to a
standalone CA
The enterprise CA configuration depends on AD and cannot be removed from the
network
I would look at the Best Practices whitepaper available at
www.microsoft.com/pki for some insight on setting up CA hierarchies.
You look like you are moving from a one-tier to a two-tiered CA hierarchy
Brian

> Hello All,
>
> I upgraded our Enterprise CA from Windows 2000 CA to Windows 2003
> Standard and it now refuses to issue certificates. Is it possible to
> set up another CA on a 2003 Enterprise box and have them online at the
> same time? While I can't find documentation that recommends having
> two CAs, I can't find anywhere that warns against it either.
>
> Ideally, the new CA would start issuing certs, which would eventually
> allow us to take the original box offline eventually. Oh, the 2003
> Enterprise box is already in production, so renaming it isn't an
> option.
>
> Any insight or proposed soultions would be much appreciated.
>
> Cheers,
> Brent
>


Similar ThreadsPosted
enterprise January 30, 2006, 1:46 am
Re: Two Enterprise CAs? July 19, 2007, 2:18 pm
Problems with Enterprise CA July 14, 2006, 4:39 am
What diffrent between Stand-alone CA and Enterprise CA November 8, 2005, 1:05 am
More than one enterprise root CA in a forest? January 18, 2006, 4:13 am
Difference between Enterprise Sub CA and Standalone Sub CA March 22, 2006, 3:00 pm
move enterprise root ca September 13, 2006, 8:09 am
Cannot Add Certificate Templates To Enterprise CA December 14, 2006, 7:45 pm
Installing Enterprise Root CA March 3, 2007, 10:00 am
Moving Enterprise Root CA March 22, 2007, 11:05 am

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap