Hi all

We currently have a W2K8 R2 CA front ended by an NDES server providing certificates for mobile devices that access email via EAS.

When we built out the certificate server we did not take in to account and Disaster recovery for this server so now we have an active CA thats issues many CA's.

I have been tasked to bolster this side of our infrastructure so that we can still have access to our CA infrastructure in the event of a loss of the server of site. 

I've seen the articles on the internet suggesting we create a new CA with 2 x subordinates. The CA is powered down for safe keeping and the subordinates perform all of the certificate signing. I do have concerns about moving to this and would really like any pointers on how I should proceed.

Thanks

Hi,

Thanks for posting in Microsoft TechNet forums.

This is a general question.

Please refer to the link below:

Install a Subordinate Certification Authority

http://technet.microsoft.com/en-us/library/cc772192(v=ws.10).aspx

Defining CA Types and Roles

http://technet.microsoft.com/en-us/library/cc756989(v=ws.10).aspx

If you have specific problems,please feel free to let me know.

Ted