Sign in

Microsoft.com

United States (English)

Brasil (Português)Česká republika (Čeština)Deutschland (Deutsch)España (Español)France (Français)Italia (Italiano)Россия (Русский)대한민국 (한국어)中华人民共和国 (中文)台灣 (中文)日本 (日本語)香港特别行政區 (中文)

Windows Server TechCenter

Windows Server TechCenter > Windows Server Forums > Security > When an Enterprise subordinate CA is offline

When an Enterprise subordinate CA is offline

Friday, November 06, 2009 4:38 AMSNeo

0
Sign In to Vote
Hi, I'm just trying to understand this:

In a two-tier PKI setup with a standalone root CA and two Enterprise subordinate CAs, will the certificates issued by a subordinate CA be valid if the issuing CA becomes unavailable?

cheers,
soon
- Reply
- Quote

Answers

Friday, November 06, 2009 5:58 AMBrian Komar [MVP]MVP

0
Sign In to Vote
Only if you have created measures to re-sign the previous CRL. Once the CRL of a failed CA expires, applications that perform CRL checking will fail.
Brian
- Marked As Answer bySNeo Monday, November 09, 2009 1:38 AM
- Reply
- Quote

All Replies

Friday, November 06, 2009 5:58 AMBrian Komar [MVP]MVP

0
Sign In to Vote
Only if you have created measures to re-sign the previous CRL. Once the CRL of a failed CA expires, applications that perform CRL checking will fail.
Brian
- Marked As Answer bySNeo Monday, November 09, 2009 1:38 AM
- Reply
- Quote
Monday, November 09, 2009 1:46 AMSNeo

0
Sign In to Vote
Thanks Brian,
soon
- Reply
- Quote

Need Help with Forums? (FAQ)