|
Posted by Brian Komar [MVP] on September 21, 2006, 6:47 pm
If you were Registered and logged in, you could reply and use other advanced thread options
> I want to create a root ca, subordinate ca, and then a trust between them. I
> have the knowledge base article to do that. Second question, how can I tell
> if my CA right now is the "root CA". Where can I tell in the properties?
>
> "Brian Komar [MVP]" wrote:
>
> > news@atlantis.si says...
> > > Hi Kristina,
> > >
> > > You simply create another one -- just like you did with the first one.
> > > Clients will then see both of them and will contact one or the other.
> > >
> > >
> > There is a little more to this. Are you creating a hierarchy or are you
> > creating two root CA's within the organization. What is the size of your
> > organization? What types of certificates are you issuing?
> >
> > We need more details to tell you how best to deploy the second CA.
> > Brian
> >
>
Wow, you need to start from square one if you are unsure if it is a root
CA... A root CA by definition possesses a self-signed certificate. In
other wordes, the subject and issuer will match in the certificate.
I recommend that you look at the best practices white paper immediately:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technolog
ies/security/ws3pkibp.mspx
Brian
| 
XML site map