The root CA certificate enrollment process is simple. During installation, a key pair is generated and the certificate is created and then signed by the root CA. When subordinate CAs are created, the process is different. The CA from which the certificate will be requested is called the parent CA. The server requesting the certificate is called the child CA.

Important: Remember that the root CA and any CAs that have been so configured can issue CA certificates.

If the root CA is online, the following steps will occur during the installation of the subordinate CA:

1. The administrator installing the subordinate CA (the child CA) selects the type of CA to be installed as either stand-alone subordinate CA or enterprise subordinate CA.

2. The installation process prompts the administrator, who then selects or enters the parent CA (the CA from which to request the subordinate CA certificate). If the parent CA is a member of the same Active Directory infrastructure as the server that will become the child CA, the administrator might be able to browse to the CA.

3. A key pair for the CA certificate is generated by the child-to-be CA.

a. If the parent CA can be accessed online, the child-to-be CA is authenticated.

b. If the parent CA has been configured to automatically issue CA certificates, the child-to-be CA has been authenticated, and the process is being carried out by an authorized administrator, the request is approved. A CA certificate, which includes the child CA's public key, is signed by the parent CA.

4. The certificate is sent to the child CA.

5. The child CA installs the certificate in its certificate store.

6. The installation process is completed, and the certificate services are started.

If, however, the intended parent CA is not accessible online, a different process must be followed. This process is used when creating the second level in a CA hierarchy in which the root CA has been taken offline:

1. The administrator installing the subordinate CA selects the type of CA as either a stand-alone subordinate CA or enterprise subordinate CA.

2. The administrator requests that a certificate request form be created.

3. The installation process will prompt the administrator, who then enters the name of the parent CA.

4. A certificate request is created and can be saved to a floppy disk.

5. The installation process will continue, but the certificate service will not start and no certificates can be issued by the CA until its certificate is installed.

6. The administrator takes the certificate request to the offline CA and uses it to request a CA certificate. If the administrator has the permission to obtain a CA certificate, a certificate is created that includes the child CA's public key. The certificate can be saved to the floppy disk. This is the approval step.

7. The administrator returns to the subordinate CA, installs the CA certificate, and starts the service.
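The offline exchange above, sketched as an added example that is not part of the original article: it uses OpenSSL as a stand-in for Windows Certificate Services to show what moves between the two machines (only the request file and the signed certificate) and the checks worth making before the child installs the certificate. All names, file names and lifetimes are constructed assumptions.

```shell
#!/bin/sh
# Added illustration (OpenSSL, not Windows Certificate Services).
# CA names, file names and lifetimes are constructed for the demo.
offline_subca_enroll() {
    dir=$(mktemp -d) || return 1
    rc=0
    (
        cd "$dir" || exit 1
        # Minimal config so the demo does not depend on the system openssl.cnf.
        printf '%s\n' '[req]' 'distinguished_name = dn' 'prompt = no' \
            '[dn]' 'CN = Example Root CA' '[v3_ca]' \
            'basicConstraints = critical,CA:TRUE' \
            'keyUsage = critical,keyCertSign,cRLSign' > ca.cnf
        # Stand-in for the existing offline root (demo keys are left unencrypted).
        openssl req -x509 -newkey rsa:2048 -nodes -config ca.cnf -extensions v3_ca \
            -keyout root.key -out root.crt -days 3650 2>/dev/null || exit 1
        # Child CA: generate its own key pair and save a request file.
        # child.key never leaves the child; only child.req is carried to the parent.
        openssl req -new -newkey rsa:2048 -nodes -config ca.cnf \
            -subj "/CN=Example Subordinate CA" \
            -keyout child.key -out child.req 2>/dev/null || exit 1
        # Offline parent: check the request's self-signature, then sign a CA certificate.
        openssl req -in child.req -noout -verify 2>/dev/null || exit 1
        openssl x509 -req -in child.req -CA root.crt -CAkey root.key -CAcreateserial \
            -extfile ca.cnf -extensions v3_ca -days 1825 -out child.crt 2>/dev/null || exit 1
        # Back on the child, before installing:
        # 1) the certificate must carry the public key from the child's own request
        [ "$(openssl req -in child.req -noout -pubkey)" = \
          "$(openssl x509 -in child.crt -noout -pubkey)" ] || exit 1
        # 2) it must chain to the expected parent
        openssl verify -CAfile root.crt child.crt >/dev/null 2>&1 || exit 1
        # 3) it must be a CA certificate, not an end-entity certificate
        openssl x509 -in child.crt -noout -text | grep -q 'CA:TRUE' || exit 1
        # Report who issued the certificate that would now be installed.
        openssl x509 -in child.crt -noout -issuer
    ) || rc=$?
    rm -rf "$dir"
    return "$rc"
}
# Run the demo with: offline_subca_enroll
```
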
