Subordinate CA Issue
I'm using Win 2k8R2 and I have a Enterprise CA as part of my forest, and an additional Subordinate CA. When I try to request certs, all requests seem to go to the Enterprise CA. Is there something simple I'm missing here? I want all requests
and certs issues to come from the Sub CA.
June 25th, 2011 10:25pm
Hello,
first of all it is recommended to keep offline the root CA for security reasons.
It will be better to ask in Security forum: http://social.technet.microsoft.com/Forums/en-US/winserversecurity/threads
This
posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
Microsoft
Student Partner 2010 / 2011
Microsoft Certified
Professional
Microsoft Certified
Systems Administrator: Security
Microsoft Certified
Systems Engineer: Security
Microsoft Certified
Technology Specialist: Windows Server 2008 Active Directory, Configuration
Microsoft Certified
Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
Microsoft Certified
Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
Microsoft Certified
Technology Specialist: Windows 7, Configuring
Microsoft Certified
IT Professional: Enterprise Administrator
Free Windows Admin Tool Kit Click here and download it now
June 25th, 2011 11:33pm
Ok, I'll post this question there. When you say, keep offline, you mean like powered off? Why is that? This is coming from a place of ignorance, but how is revocation handled if the CA is offline?
June 26th, 2011 3:57am
Yes,
I mean powering it off.
It is more secure because once powered off, no one can attack it. In this case, the attacker can attack the subordiante CA and in this case, you power on the root CA and revoke its certificate.
This
posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
Microsoft
Student Partner 2010 / 2011
Microsoft Certified
Professional
Microsoft Certified
Systems Administrator: Security
Microsoft Certified
Systems Engineer: Security
Microsoft Certified
Technology Specialist: Windows Server 2008 Active Directory, Configuration
Microsoft Certified
Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
Microsoft Certified
Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
Microsoft Certified
Technology Specialist: Windows 7, Configuring
Microsoft Certified
IT Professional: Enterprise Administrator
Free Windows Admin Tool Kit Click here and download it now
June 26th, 2011 4:01am