Question : Certificates from Enterprise Root CA from parent domain to clients in child domain.

Can we issue certificates from Enterprise Root CA which is in parent domain to clients in child domain?

Currently, we have Enterprise Root CA installed in child domain xyz.abc.com. We want to remove this CA and set up a CA in the parent domain abc.com to issue certificates for both parent and child domain.

What is the best practice?

Answer : Certificates from Enterprise Root CA from parent domain to clients in child domain.

It is possible yes (http://support.microsoft.com/kb/281271), but from a security and flexibility standpoint I would probably install an offline Root CA in the forest root domain, and a subordinate issuing CA in the child domain.

http://technet.microsoft.com/en-us/library/cc737834%28WS.10%29.aspx

Random Solutions

Dock for Mac Laptop

psexec and copy file permissions

Moving Domino 8 server

ASP.NET Error: The page was not displayed because the request entity is too large.

Trusted Location Error Message "2001"

Windows 7 roaming profiles

Counting number of rows

Where is resistance, force arm, and fulcrum in a Wheelbarrow?

Cisco ASA CSC setup

Teaching iPhone app creation...Any advice?