Windows 2008 R2 Sub CA from a 2003 R2 Root CA
Is it possible to have a new Windows 2008 R2 Sub CA installed from a 2003 R2 Root CA? Our offline root has been offline for quite a while, but I don't see a reason to upgrade the root if it isn't necessary. Also, does the domain have to be 2008 to run a 2008 R2 Sub CA? Thanks!
November 1st, 2010 10:14am

yes, you can install w2008R2 SubCA under w2003R2 root. This process is not changed and generally you need: setup Enterprise Subordinate CA during installation choose to save request to a file finish installation wiward submit generated request to Offline Root CA and issue certificate copy issued certificate to Enterprise SubCA open Certification Authority MMC snap-in. Select root node, click Actions -> All Tasks -> Install CA Certificate. start CA service. note: if root CA has incorrect CDP/AIA configuration, CA certificate installation may fail because CA is unable to determine its own certificate revocation status. Prior to join Windows Server 2008 R2 server to a domain you MUST extend AD schema to Windows Server 2008 R2. http://technet.microsoft.com/en-us/library/cc773360(WS.10).aspx http://technet.microsoft.com/en-us/library/cc731728(WS.10).aspxhttp://en-us.sysadmins.lv
Free Windows Admin Tool Kit Click here and download it now
November 1st, 2010 10:56am

Just one clarification, You only need to update the schema if you plan to deploy HTTP-based authentication (the proxy server and the policy server). For normal PKI operations, you can still run with the 2003 schema Brian
November 1st, 2010 8:54pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics