Requesting Certificate from Subordinate CA

  • Thread starter Thread starter Richard
  • Start date Start date
R

Richard

Dear all,

I hope the Windows server Gurus here will be able to help me.

We have a windows 2000 AD structure. Certificate authority has been
installed on one of the Domain controller, and its working fine.
Recently I added a surbordinate CA runing on Windows 2003 server (Not a
domain controller) but in a child domain.

If users request Certificates via MMC certificate snap in, they are
issued with a certificate from the ROOT. If they tick the advance box
during request, they can browse and select the subordinate CA, and the
certificate is issued by the subordinate.

When requests are made via webenrollment via
http://subordinateCA/certsrv, certificates are issued correctly from
subordinate CA.

What we want is that users and computers on the Child Domain get thier
certificates automatically from the Subordinate CA without having to
tick the advance box when requesting certicates.

Thanks in advance.

Richard
 
Hello Richard,

You must configure public key group policy for the child domain so that the
purpose for certificate issued by your root CA can not be used for users. I
think this will solve your problem.

Regards,
 
Back
Top