Root Certificate & Subordinate question

  • Monday, February 20, 2012 1:26 PM
     
     

    We are looking to use SCEP to obtain certificates from AD to issue to mobile devices.  I do know we need a 2008 R2 server to be able to use SCEP.  

    The problem we may run into is our Root CA is still running on Server 2000.  Does this create any challenges, especially when adding a 2008 R2 as a new Subordinate into our existing certificate server environment?

All Replies

  • Monday, February 20, 2012 1:24 PM
     
     Proposed

    Windows 2000 Server OS is past its supportability stage - so this would be the primary issue to be concerned about.

    For CA specific questions, refer to the security forum:

    http://social.technet.microsoft.com/Forums/en/winserversecurity/threads

    hth
    Marcin


  • Monday, February 20, 2012 1:35 PM
     
     Answered

    NDES (the Windows implementation of the SCEP protocol) is available in Windows Server 2003 (as an add-on) and newer systems (as a built-in role, Network Device Enrollment Service).

    Windows Server 2008 CA is compatible with Windows 2000 root.


    My weblog: http://en-us.sysadmins.lv
    PowerShell PKI Module: http://pspki.codeplex.com
    Windows PKI reference: on TechNet wiki

  • Monday, February 20, 2012 3:34 PM
     
     

    I agree with Marcin about posting this to the CA forum and about Windows 2000's legacy status.

    In addition, and FYI, you'll need a v.2 certificate template for the purpose you posted, which wasn't supported until Certificate Services on Windows 2003 Enterprise Edition or newer. You need the Enterprise Editions; the Standard Edition does not provide this template version, except 2008 R2 Standard, but 2008 R2 Std doesn't provide the web enrollment features. The CA forum will give you more specifics about this.

    Ace


    Ace Fekay
    MVP, MCT, MCITP Enterprise Administrator, MCTS Windows 2008 & Exchange 2007 & Exchange 2010, Exchange 2010 Enterprise Administrator, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

    This posting is provided AS-IS with no warranties or guarantees and confers no rights.
