New root CA coexisting with another root CA

  • New root CA coexisting with another root CA

    Question: I have configured a new Root CA to run in parallel with another root CA which I plan to decommission. I've set it up but I'm having problems getting the computers to auto enroll a computer certificate. When I go to GP and select New under "Automatic Certificate Request Settings", I don't see the template I made (Computer Authentication); I only see Computer, which is from the other CA.

    What can I do to get this working?

    Also, I would not mind deleting the new CA and redoing it if I need to so we can start from scratch.

  • #2
    Re: New root CA coexisting with another root CA

    If you haven't already, check out this MS article:-

    My colleague and I just did something similar for one of our clients. As I recall, we took the old CA offline first, then configured a new one with an offline root and an online Issuing CA, and then when it was configured we set the DCs to auto-enroll from the new Issuing CA.

    There are a multitude of options for just about everything in CAs though, so I would definitely recommend sticking to the best practices document for simplicity's sake.
    BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
    Cruachan's Blog