PKI certificates to child domains
Hi, I installed a new CA for a child domain and configured the templates/autoenrollment GPO. Now, the certificates are issued from the parent domain's CA and not from the child domain's newly installed CA. Can you answer the following questions to help me understand this issue? Thanks in advance for taking the time to read and answer my questions.

1) How can I issue certificates from the child domain's new CA? It looks like there is a two-way trust in place from the parent to the child domain.
2) The certificates are issued from the parent domain's CA, so is it due to the two-way trust relationship?
3) What will happen if that two-way trust relationship is changed to a one-way trust (child domain to parent and not from parent to child)?
April 23rd, 2012 3:31pm

Hi,

Certificate templates are assigned per CA. You need to verify that the certificate template used for auto enrolment is configured on the CA in the child domain with appropriate permissions for auto enrolment (read + enroll + auto enroll for users in the child domain). http://technet.microsoft.com/en-us/library/cc770794(WS.10).aspx

Remove the auto enroll permissions from the certificate template (perhaps the same template is used in both domains?) used on the CA in the parent domain, or if you don't need the template at all, unassign it from the parent domain CA.

Best regards,
Daniel
www.twitter.com/danielullmark
April 24th, 2012 8:40am
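
A way to check which CAs publish the templates discussed in the reply above, as an added example that is not part of any post in this thread. Enterprise CAs are registered as enrollment service objects in the forest-wide Configuration partition, so the parent and child CAs appear side by side. The template names `User` and `Workstation` are assumptions based on the thread; the script needs the ActiveDirectory PowerShell module.

```powershell
# Added example: list every Enterprise CA registered in the forest and show
# whether it publishes the templates used for autoenrollment.
Import-Module ActiveDirectory

# Template names to check (assumption: the built-in User and Workstation templates).
$templates = 'User', 'Workstation'

# Enrollment services live in the Configuration partition, which is replicated
# forest-wide, so CAs from the parent and the child domain are both listed.
$configNC = (Get-ADRootDSE).configurationNamingContext
$base     = "CN=Enrollment Services,CN=Public Key Services,CN=Services,$configNC"

Get-ADObject -SearchBase $base -SearchScope OneLevel `
    -LDAPFilter '(objectClass=pKIEnrollmentService)' `
    -Properties cn, dNSHostName, certificateTemplates |
  ForEach-Object {
    $ca = $_
    foreach ($t in $templates) {
        # certificateTemplates is multi-valued: one entry per template the CA issues.
        [pscustomobject]@{
            CA        = $ca.cn
            Host      = $ca.dNSHostName
            Template  = $t
            Published = $ca.certificateTemplates -contains $t
        }
    }
  } |
  Sort-Object Template, CA |
  Format-Table -AutoSize
```

A template that shows `Published = True` for more than one CA can be issued by any of them to a client that has enroll permission on the template.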

Thanks for your reply. The parent CA is configured (Authenticated Users: read, enroll and auto enroll) for the User and Workstations templates, and we need the parent CA to issue certificates. I configured the same permissions in the child CA, but the certificates are issued from the parent CA. I would like to issue the certificates for all authenticated users and workstations from the child CA. How to configure? I am also seeing that the certificates issued from the parent CA are not stored in the child domain's user properties.
April 24th, 2012 11:05am
