Neil
Wed Jul 16 23:42:08 CDT 2008
Hi,
The reason why it must have a different common name is because, being an
enterprise CA, it publishes certain information to Active Directory. If 2
enterprise CAs had the same common name then there would be 2 machines trying
to publish the same data.
The easiest way to find the data I am talking about is to start 'Active
Directory Sites and Services'
Click to highlight Active Directory Sites and Services [FQDN of domain
controller]
Click View > Show Services Node
Now expand Services
Expand 'Public Key Services'
Look in the AIA, CDP, Enrollment Services folders for Enterprise CA info.
"BillL" wrote:
> On Jun 23, 5:11 pm, Paul Adare <pkad...@gmail.com> wrote:
> > On Mon, 23 Jun 2008 13:44:42 -0700 (PDT), BillL wrote:
> > > Our MS PKI environment currently includes 1 offline root CA and 1
> > > online enterprise issuing CA. We want to add a 2nd enterprise issuing
> > > CA for redundancy. I believe that this 2nd issuing CA should have a
> > > different Common Name than the 1st issuing CA. It's not clear from
> > > the documentation that I have looked at. Is this a correct
> > > assumption?
> >
> > It _must_ have a different common name.
> >
> > --
> > Paul Adare
> > http://www.identit.ca
> > Programmers do it bit by bit.
>
> Thanks Paul.
>
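
The three folders named in the reply above can also be read from PowerShell to see whether a planned CA name is already published. This is an added example, not part of the original posts; it assumes the RSAT ActiveDirectory module and read access to the Configuration partition, and `Find-PublishedCAName` and the sample name are hypothetical.

```powershell
# Added example: lists objects under Public Key Services whose name matches a
# proposed CA common name. Read-only; makes no changes to the directory.
Import-Module ActiveDirectory

function Find-PublishedCAName {
    param(
        [Parameter(Mandatory)] [string] $ProposedName   # hypothetical input
    )

    # The Services node shown in Sites and Services lives in the Configuration partition.
    $configNC = (Get-ADRootDSE).configurationNamingContext
    $pkiBase  = "CN=Public Key Services,CN=Services,$configNC"

    foreach ($folder in 'AIA', 'CDP', 'Enrollment Services') {
        # Subtree scope because CDP entries sit one level down, under a
        # container named after the CA server.
        Get-ADObject -SearchBase "CN=$folder,$pkiBase" -SearchScope Subtree `
                     -Filter * -Properties dNSHostName |
            Where-Object { $_.Name -eq $ProposedName } |
            Select-Object @{ n = 'Folder'; e = { $folder } },
                          Name, ObjectClass, dNSHostName, DistinguishedName
    }
}

# Constructed sample name; replace with the common name planned for the 2nd issuing CA.
$hits = Find-PublishedCAName -ProposedName 'Contoso Issuing CA 2'
if ($hits) {
    $hits | Format-Table -AutoSize
} else {
    'No published objects use that name.'
}
```

A hit in any of the three folders means an existing CA already publishes under that name.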