Is it possible to redundant Certification Authority ?
we use win2003 domain.
we have only one CA in the domain. So it is SPOF.
Is it possible to redundant Certification Authority ?
June 29th, 2012 6:17am
Depending on what SPOF you want to get rid of, you can either cluster the CA or set up another enterprise CA and configure it to deliver the same service as the first one.
Using clustering will cover most of the aspects of high-availability of a single CA including enrollment and revocation. Read more about clustering ADCS http://technet.microsoft.com/en-us/library/cc742517(v=ws.10).aspx
Having multiple enterprise CAs will cover the enrollment requirements bu you still need to cover revocation handling.
/Hasain
Free Windows Admin Tool Kit Click here and download it now
June 29th, 2012 8:58am
Thank you.
Is it OK to have second Root Enterprise CA in the domain as backup ?
June 29th, 2012 7:03pm
Having a second enterprise CA will cover the enrollment of new and expired certificates but you need to take care of the CRL and revocation information related to the first one
/Hasain
Free Windows Admin Tool Kit Click here and download it now
June 30th, 2012 4:57am
Thank you.
Is there easy way to make replica of existing CA ?
July 2nd, 2012 12:21am
Hi,
Regarding CA Redundancy, here are two threads for your reference:
Redundancy With Certification Authority
http://social.technet.microsoft.com/Forums/en-US/winserversecurity/thread/4aa1a95a-cfc6-42a6-98b0-0aab5b2f8634
subordinate redundancy
http://social.technet.microsoft.com/forums/en-us/winserversecurity/thread/9AD64EDD-61DA-4552-B30D-22418E1C8EF0
Regards
Kevin
Free Windows Admin Tool Kit Click here and download it now
July 2nd, 2012 2:06am
Hi,
Regarding CA Redundancy, here are two threads for your reference:
Redundancy With Certification Authority
http://social.technet.microsoft.com/Forums/en-US/winserversecurity/thread/4aa1a95a-cfc6-42a6-98b0-0aab5b2f8634
subordinate redundancy
http://social.technet.microsoft.com/forums/en-us/winserversecurity/thread/9AD64EDD-61DA-4552-B30D-22418E1C8EF0
Regards
Kevin
July 2nd, 2012 2:09am
Having a proper backup of the CA keys and certificates, CA database and the CA setting will give you such possibility but it is strongly not recommended to have the same CA in more than one instance at the same time.
/Hasain
Free Windows Admin Tool Kit Click here and download it now
July 2nd, 2012 2:10am
Having a proper backup of the CA keys and certificates, CA database and the CA setting will give you such possibility but it is strongly not recommended to have the same CA in more than one instance at the same time.
/Hasain
July 2nd, 2012 2:13am
Is it possible to make new Root CA and replicate original CA to new CA like Domain Controller ?
Free Windows Admin Tool Kit Click here and download it now
July 2nd, 2012 2:41am
No, this is not supported! You can not "replicate" a CA the way you describing it and your closest option is clustering!
/Hasain
July 2nd, 2012 2:52am
No, this is not supported! You can not "replicate" a CA the way you describing it and your closest option is clustering!
/Hasain
Free Windows Admin Tool Kit Click here and download it now
July 2nd, 2012 2:55am
This topic is archived. No further replies will be accepted.
Other recent topics
