Posted by micra on March 18, 2007, 7:00 pm
Hi,
There is an organisation with one enterprise root CA and one enterprise
subordinate CA. I have a task to move this root CA to a new server (virtual
machine) and make it an offline root CA. For this I backed up the root CA and
exported the configuration from the registry, just like in KB298138. But after
those steps I can't do a new installation with the backed-up certificate and key
of the root CA (it's not my first CA move, but the first with an error).
Operating system: Windows 2000 Server with SP4.

I of course have the certificate and the key pair, public and private, but when
I try the new installation I receive a message that "This certificate is
selfsigned". Hmm, I know about this; it's the certificate of the root CA. I
searched Technet, the Internet and newsgroups and I can't find any similar
described situations. I have tried to import this certificate on the new server
(on the virtual machine) into the containers Trusted Root CA, Third-Party Root
CA and others, and it gives no results during install.

But I have more bad news: after the backup of the CA and the backup of the
configuration I removed the old root CA machine account from the domain and
added a new account (same name but of course with SID)... I have no way to
return.

The old root CA must be refreshed before September, and I think maybe the best
solution in this case will be a fresh installation of the whole PKI
infrastructure; the old infrastructure was installed without any configuration.
Is it possible to have two disjoined (disconnected) PKI infrastructures in one
AD Tree or Forest?

Questions:
1. What can I do about the message that the certificate is selfsigned?
2. Is it possible to have two disjoined PKI infrastructures in one AD?