Posted by Brian Komar [MVP] on April 2, 2007, 6:09 pm
MarlonBrown@discussions.microsoft.com says...
> Hi,
> I configured a Win2003 server to be my offline root CA (workgroup).
>
> Now I am configuring an "Enterprise Subordinate CA", Windows 2003
> Enterprise.
>
> On my Win2003 Enterprise Server "IssuingCA" server, I go to Control Panel,
> Add/Remove Programs, I select "Certificate Services". Then I select
> "Enterprise Subordinate CA".
>
> My question is this:
> "Use an existing key": I am following the Help file instructions on how to
> set up an Enterprise Subordinate CA. It says here that I should "import"
> the .pfx file.
>
> Can you please clarify where I should import such a .pfx file from? If it is
> from the Offline Root CA, please tell me the exact location I should get this from.
> I am kind of confused on this.
>
>
>
The instructions sound a little off. I would recommend
using the Best Practices white paper available at
www.microsoft.com/pki instead of the Help files in this
case.
You would not be using an existing key, since you have
never built the CA before. You would generate the
request file (a .req file) and then submit that request
file at your offline CA.
The CA will issue a certificate which you should export
to a PKCS #7 file (.p7b). You would then import the .p7b
file at the subordinate enterprise CA to complete the
installation. This ties the certificate back to the key
pair you generated for the new CA.
Brian
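
The request, issue, and import flow described in the reply above, as an added example that is not part of the original thread. It uses OpenSSL as a stand-in for both the Windows setup wizard and the offline root CA, so it generalizes the mechanism rather than reproducing the Windows steps; all CA names, file names, and both helper functions are constructed for illustration. It shows that the PKCS #7 file carries certificates only and that the issued certificate matches the key pair created on the subordinate, which is why no .pfx is involved.

```shell
# Added illustration, not from the thread: OpenSSL stands in for both CAs.
# Every name and file below is a constructed sample value.
set -eu

# SHA-256 over the DER form of a PEM public key read from stdin.
pubhash() { openssl pkey -pubin -outform DER | openssl dgst -sha256 | awk '{print $NF}'; }

# The flow from the reply. $1 = scratch directory.
subca_flow() {
  d=$1
  # Offline root CA: self-signed certificate.
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=Example Offline Root CA" \
    -keyout "$d/root.key" -out "$d/root.cer" 2>/dev/null
  # Subordinate: new key pair and request file. sub.key never leaves this side.
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Example Issuing CA" \
    -keyout "$d/sub.key" -out "$d/sub.req" 2>/dev/null
  # Root: issue a CA certificate for the request.
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' \
    > "$d/ca.ext"
  openssl x509 -req -in "$d/sub.req" -CA "$d/root.cer" -CAkey "$d/root.key" \
    -CAcreateserial -extfile "$d/ca.ext" -days 30 -out "$d/sub.cer" 2>/dev/null
  # Root: export the certificate and its chain to PKCS #7 (certificates only).
  openssl crl2pkcs7 -nocrl -certfile "$d/sub.cer" -certfile "$d/root.cer" \
    -out "$d/sub.p7b"
}

# Succeeds when a certificate inside PKCS #7 file $1 carries the public key
# of private key file $2, which is the binding the import relies on.
p7b_matches_key() {
  want=$(openssl pkey -in "$2" -pubout | pubhash)
  tmp=$(mktemp -d)
  openssl pkcs7 -in "$1" -print_certs |
    awk -v d="$tmp" '/BEGIN CERTIFICATE/{n++} n{print > (d "/" n ".pem")}'
  rc=1
  for c in "$tmp"/*.pem; do
    got=$(openssl x509 -in "$c" -noout -pubkey | pubhash)
    if [ "$got" = "$want" ]; then rc=0; fi
  done
  rm -rf "$tmp"
  return "$rc"
}

work=$(mktemp -d)
subca_flow "$work"
if p7b_matches_key "$work/sub.p7b" "$work/sub.key"; then
  echo "sub.p7b matches the key pair generated on the subordinate"
fi
```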