Issuing CA - Common Name?


BillL

Hi,

Our MS PKI environment currently includes 1 offline root CA and 1
online enterprise issuing CA. We want to add a 2nd enterprise issuing
CA for redundancy. I believe that this 2nd issuing CA should have a
different Common Name than the 1st issuing CA. It's not clear from
the documentation that I have looked at. Is this a correct
assumption?

Thanks,
Bill
 

Paul Adare

On Mon, 23 Jun 2008 13:44:42 -0700 (PDT), BillL wrote:

> Our MS PKI environment currently includes 1 offline root CA and 1
> online enterprise issuing CA. We want to add a 2nd enterprise issuing
> CA for redundancy. I believe that this 2nd issuing CA should have a
> different Common Name than the 1st issuing CA. It's not clear from
> the documentation that I have looked at. Is this a correct
> assumption?


It _must_ have a different common name.

--
Paul Adare
http://www.identit.ca
Programmers do it bit by bit.
 

BillL

On Jun 23, 5:11 pm, Paul Adare <pkad...@gmail.com> wrote:
> On Mon, 23 Jun 2008 13:44:42 -0700 (PDT), BillL wrote:
> > Our MS PKI environment currently includes 1 offline root CA and 1
> > online enterprise issuing CA.  We want to add a 2nd enterprise issuing
> > CA for redundancy.  I believe that this 2nd issuing CA should have a
> > different Common Name than the 1st issuing CA.  It's not clear from
> > the documentation that I have looked at.   Is this a correct
> > assumption?

>
> It _must_ have a different common name.
>
> --
> Paul Adare
> http://www.identit.ca
> Programmers do it bit by bit.


Thanks Paul.
 

Neil

Hi,
The reason why it must have a different common name is because, being an
enterprise CA, it publishes certain information to Active Directory. If 2
enterprise CAs had the same common name then there would be 2 machines trying
to publish the same data.
The easiest way to find the data I am talking about is to start 'Active
Directory Sites and Services'.
Click to highlight Active Directory Sites and Services [FQDN of domain
controller]
Click View > Show Services Node
Now expand Services
Expand 'Public Key Services'
Look in the AIA, CDP, Enrollment Services folders for Enterprise CA info.

"BillL" wrote:

> On Jun 23, 5:11 pm, Paul Adare <pkad...@gmail.com> wrote:
> > On Mon, 23 Jun 2008 13:44:42 -0700 (PDT), BillL wrote:
> > > Our MS PKI environment currently includes 1 offline root CA and 1
> > > online enterprise issuing CA. We want to add a 2nd enterprise issuing
> > > CA for redundancy. I believe that this 2nd issuing CA should have a
> > > different Common Name than the 1st issuing CA. It's not clear from
> > > the documentation that I have looked at. Is this a correct
> > > assumption?

> >
> > It _must_ have a different common name.
> >
> > --
> > Paul Adare
> > http://www.identit.ca
> > Programmers do it bit by bit.

>
> Thanks Paul.
>
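
The Public Key Services containers named in the reply above can also be listed from PowerShell, which makes it easy to check whether a planned CA common name is already published. This is an added example, not part of the original thread; it assumes the RSAT ActiveDirectory module and read access to the Configuration partition, and `$ProposedName` is a hypothetical value.

```powershell
# Added example: list what enterprise CAs have published under
# Public Key Services and check a planned CA common name against it.
Import-Module ActiveDirectory

$ProposedName = 'Contoso Issuing CA 2'   # hypothetical common name for the new CA

# The PKI objects live in the forest-wide Configuration partition.
$configNC = (Get-ADRootDSE).configurationNamingContext
$pkiBase  = "CN=Public Key Services,CN=Services,$configNC"

$found = foreach ($container in 'AIA', 'CDP', 'Enrollment Services') {
    $base = "CN=$container,$pkiBase"
    # CDP holds one sub-container per CA host, so search the whole subtree
    # and drop the top-level container itself from the results.
    Get-ADObject -SearchBase $base -SearchScope Subtree -Filter * |
        Where-Object { $_.DistinguishedName -ne $base } |
        Select-Object @{ n = 'Container'; e = { $container } },
                      Name, ObjectClass, DistinguishedName
}

$found | Sort-Object Container, Name |
    Format-Table Container, Name, ObjectClass -AutoSize

# -eq is case-insensitive, matching how AD compares object names.
$clash = $found | Where-Object { $_.Name -eq $ProposedName }
if ($clash) {
    Write-Warning "'$ProposedName' is already published in Active Directory:"
    $clash | ForEach-Object { Write-Warning "  $($_.DistinguishedName)" }
} else {
    Write-Output "No object named '$ProposedName' under Public Key Services."
}
```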
 
