Cross Certification Windowes 2008 - Version 3 Certificate?
Hi,
We have just merged with organisation X who have a Windows 2003 PKI. One Forest is a Windows 2003 Forest and the ours is a Windows 2008 running a 2008 PKI. There is a cross Forest two way trust.
What I want to do is to do a Cross Certification between our Issuing CA and their Root to glue the PKI's together, the reason for this is that I don't want to re-issue thousands of Organisation X user certificates (not at the moment anyway). I think this
is the best way to go but would appriciate any feedback or comments.
Some things are puzzling me though and would appriciate some help:
(1) Organisation X's root is a Windows 2003 server, By applying the SHA2 Hotfix (kb968730) their root will be able to support SHA256?
(2) If their root has the hotfix (mentioned above) then can I create a Version 3 certificate (to support SHA256) for the Qualified Subordination Certificate and Cross Certification Authority?
(3) In the CSP provider, I assume I can select the HSM Vendor as the CSP?
November 2nd, 2010 7:35am