CA Migration
Hi all,
I have a question about implementing a Microsoft CA server. We have an offline root CA and an enterprise sub CA in our network. Both CAs are on Windows 2003 Server. We are planning to migrate the CA to Windows 2012, and the issue is that we are unable to find the current offline root CA (it probably must have got deleted by mistake by ex-personnel). Would there be an issue if I delete the whole CA information from Active Directory Sites and Services without decommissioning the sub CA and start fresh? It's a brutal way, since I'm starting fresh...
I also want to extend the use of the Microsoft CA. We're using the CA for document signing. I want to extend it to routers, client authentication and VPN login. Should I implement a different sub CA for each service or use one sub CA for all?
Thanks for the help.
aj
Hi aj,
"We are planning to migrate the CA to Windows 2012, and the issue is that we are unable to find the current offline root CA"
"Would there be an issue if I delete the whole CA information from Active Directory Sites and Services without decommissioning the sub CA and start fresh?"
Are you saying you want to decommission the root CA but keep using the sub CA?
If yes, it is not possible to keep the sub CA functional for a long time that way, because the sub CA needs to renew its CA certificate and perform revocation checking.
If you want to decommission both CAs, deleting them from AD might be the way, since you cannot find the root CA.
"I want to extend it to routers, client authentication and VPN login. Should I implement a different sub CA for each service or use one sub CA for all?"
As mentioned above, please set up a new PKI, since the old one is invalid unless the root CA is found. Whether to use multiple sub CAs or not depends on the workload.
More information for you:
AD CS Step by Step Guide: Two Tier PKI Hierarchy Deployment
Best regards,
Amy
Please remember to mark the replies as answers if they help, and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.