Guest BillL Posted June 23, 2008 Posted June 23, 2008 Hi, Our MS PKI environment currently includes 1 offline root CA and 1 online enterprise issuing CA. We want to add a 2nd enterprise issuing CA for redundancy. I believe that this 2nd issuing CA should have a different Common Name than the 1st issuing CA. It's not clear from the documentation that I have looked at. Is this a correct assumption? Thanks, Bill Quote
Guest Paul Adare Posted June 23, 2008 Posted June 23, 2008 On Mon, 23 Jun 2008 13:44:42 -0700 (PDT), BillL wrote: <span style="color:blue"> > Our MS PKI environment currently includes 1 offline root CA and 1 > online enterprise issuing CA. We want to add a 2nd enterprise issuing > CA for redundancy. I believe that this 2nd issuing CA should have a > different Common Name than the 1st issuing CA. It's not clear from > the documentation that I have looked at. Is this a correct > assumption?</span> It _must_ have a different common name. -- Paul Adare http://www.identit.ca Programmers do it bit by bit. Quote
Guest BillL Posted June 26, 2008 Posted June 26, 2008 On Jun 23, 5:11Â pm, Paul Adare <pkad...@gmail.com> wrote:<span style="color:blue"> > On Mon, 23 Jun 2008 13:44:42 -0700 (PDT), BillL wrote:<span style="color:green"> > > Our MS PKI environment currently includes 1 offline root CA and 1 > > online enterprise issuing CA. Â We want to add a 2nd enterprise issuing > > CA for redundancy. Â I believe that this 2nd issuing CA should have a > > different Common Name than the 1st issuing CA. Â It's not clear from > > the documentation that I have looked at. Â Is this a correct > > assumption?</span> > > It _must_ have a different common name. > > -- > Paul Adarehttp://www.identit.ca > Programmers do it bit by bit.</span> Thanks Paul. Quote
Guest Neil Posted July 17, 2008 Posted July 17, 2008 Hi the reason why it must have a different common name is because being an enterprise CA it publishes certain information to Active Directory. If 2 enterprise CAs had the same common name then there would be 2 machines trying to publish the same data. The easiest way to find the data I am talking about it to start 'Active Directory Sites and Services' Click to high-light Active Directory Sites and Services[FQDN of domain controller] Click View > Show Services Node Now expand Services Expand 'Public Key Services' Look in the AIA, CDP, Enrollment Services folders for Enterprise CA info. "BillL" wrote: <span style="color:blue"> > On Jun 23, 5:11 pm, Paul Adare <pkad...@gmail.com> wrote:<span style="color:green"> > > On Mon, 23 Jun 2008 13:44:42 -0700 (PDT), BillL wrote:<span style="color:darkred"> > > > Our MS PKI environment currently includes 1 offline root CA and 1 > > > online enterprise issuing CA. We want to add a 2nd enterprise issuing > > > CA for redundancy. I believe that this 2nd issuing CA should have a > > > different Common Name than the 1st issuing CA. It's not clear from > > > the documentation that I have looked at. Is this a correct > > > assumption?</span> > > > > It _must_ have a different common name. > > > > -- > > Paul Adarehttp://www.identit.ca > > Programmers do it bit by bit.</span> > > Thanks Paul. > </span> Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.