cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

two CA in one domain

thanhtien19
Iron Contributor

‎Oct 21 2021 07:31 AM

‎Oct 21 2021 07:31 AM

two CA in one domain

Hi , We have root domain (corp.com) and child domain (abc.corp.com) ,we can build two server and add role certificate authority and configure to subca , server 01 subca name CA SUB 01 , server 02 sub CA 02. in the same domain can we build two CA ? it have effect domain as template will the same or different ? 

Labels:
13.5K Views
1 Like
1 Reply
Reply
1 Reply
LainRobertson

‎Oct 30 2021 05:29 PM

‎Oct 30 2021 05:29 PM

Re: two CA in one domain

Yes, you can build two (or more) certificate authorities within a domain. It's not commonly done and it's not something I'd advise under normal circumstances, but you can do it.

The certificate templates are stored in the Active Directory CN=Configuration partition, meaning that single location is used by all authorities (and their subordinates). This means that any changes to these Active Directory-stored templates is visible to all authorities.

Installing a second (or more) certificate authority will not affect the templates. The templates are only installed by default when using the "Enterprise CA" option (as distinct from the "Standalone" option) and if they already exist, are left alone.

Cheers,
Lain
0 Likes
Reply