Enterprise CA problem

  • Question

  • Hello guys,

    I need some help regarding an enterprise CA issue.

    Problem: Recently my main Active Directory server crashed, together with the root enterprise CA. The server is up again and I'm trying to restore the previous CA state but cannot locate any backup. Is it possible to restore the PKI from a subordinate? Previously the PKI was deployed to 50+ servers across the country; it would be disastrous for me to re-deploy a fresh one.

    Note: the question above comes from a newbie ;p ... still trying to understand the cert/PKI architecture. I could not find any straightforward workaround for this issue elsewhere.

    Monday, March 14, 2011 1:39 AM

All replies

  • The root CA has its own certificate that it self-generated during the installation.  If you didn't back up the root (and don't have access to the original root CA data and key), you can't restore it.  The subordinate has a certificate that the root generated.  It can continue to function if the root is down.  Eventually, subordinate certificates will expire though.

    It sounds like you are facing a rebuild.

    Brian

    Tuesday, March 22, 2011 11:20 PM
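
Added example, not part of the thread or written by its participants: a read-only PowerShell check, run on the subordinate CA, that shows how long the subordinate's root-issued certificate remains valid and which certificate its chain ends at, which sets the deadline for the rebuild described above. The function name `Get-CaCertificateLifetime` is hypothetical, and the script assumes the subordinate's CA certificate sits in `Cert:\LocalMachine\My`.

```powershell
# Run on the subordinate CA server. Read-only: inspects certificates, changes nothing.
# Assumption: the subordinate's own CA certificate is in Cert:\LocalMachine\My
# and carries a Basic Constraints extension with CA=TRUE.

function Get-CaCertificateLifetime {   # hypothetical helper name
    param(
        [string]$StorePath = 'Cert:\LocalMachine\My',
        [datetime]$Now = (Get-Date)
    )

    Get-ChildItem -Path $StorePath | ForEach-Object {
        $cert = $_

        # Keep only certificates that Basic Constraints marks as a CA.
        $bc = $cert.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
        }
        if (-not $bc -or -not $bc.CertificateAuthority) { return }

        # Build the chain without revocation checking: with the root CA lost,
        # a current root CRL may not be available.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode =
            [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
        [void]$chain.Build($cert)
        $top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate

        [pscustomobject]@{
            Subject        = $cert.Subject
            Issuer         = $cert.Issuer
            # A root is self-issued; a subordinate names the root as Issuer.
            SelfIssued     = ($cert.Subject -eq $cert.Issuer)
            NotAfter       = $cert.NotAfter
            DaysRemaining  = [int]($cert.NotAfter - $Now).TotalDays
            ChainTop       = $top.Subject
            ChainTopExpiry = $top.NotAfter
        }
    }
}

# Soonest expiry first: the first row is the effective rebuild deadline.
Get-CaCertificateLifetime | Sort-Object NotAfter | Format-Table -AutoSize
```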