Ping a Specific Port

Question

Chris Stankevitz

Asked: 2020-12-03 05:18:03 +0800 CST2020-12-03 05:18:03 +0800 CST 2020-12-03 05:18:03 +0800 CST

ADCS Subordinate CA: does the domain automatically trust the root

772

I created a subordinate "enterprise" CA server using ADCS on an active directory domain. The root CA that signed this subordinate CA's cert is not part of the windows domain.

Q1: Does the active directory domain automatically trust the root CA that signed the subordinate CA's cert? Microsoft ADCS has access to this root CA cert (when I loaded the signed subordinate cert into the CA) and there is no reason for ADCS to not send the cert out to all domain members.

Q2: If not, what is the canonical/proper way to get the domain members to trust the root CA?

1 Answers

Voted

RichardA · Answer 1 · 2020-12-03T06:31:15+08:00

RichardA

2020-12-03T06:31:15+08:002020-12-03T06:31:15+08:00

You will need to export the root CA certificate (to a USB stick if the ROOT CA is - hopefully - not network connected). You then need to publish the certificate to AD using certutil -dspublish RootCACertificate RootCA. Once this is done, all domain-joined computers will get the certificate added to their list of Trusted Root Certification Authorities and should then start to trust your subordinate CAs.

0

ADCS Subordinate CA: does the domain automatically trust the root

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?