Comments on: Public Key Infrastructure part 2 – main components
//www.tech-coffee.net/public-key-infrastructure-part-2-main-components/

By: Romain Serre, Mon, 23 Sep 2019 09:08:54 +0000
//www.tech-coffee.net/public-key-infrastructure-part-2-main-components/#comment-3605

Hello,

The main issue occurs when revoking the Sub CA. In case of a security issue, if you revoke this kind of Sub CA, you impact all certificates and not just users or computers.

By: Marc, Thu, 12 Sep 2019 15:16:34 +0000
//www.tech-coffee.net/public-key-infrastructure-part-2-main-components/#comment-3597

“Sub CA should sign for CA certificates OR client certificates but not both.”

Hello, thank you very much for that great crash course. Could you please give me an example where it is a problem to use the same Sub CA to sign both computer and user certificates in a middle-sized enterprise, where users and computers are both managed by the same person? I’m asking because I wanted to use a (Windows 2019) Sub-CA on the main DC for signing both user and computer certs, in order to concentrate FSMO roles and the private keys of the sub-CA on the same VM, so I always know which one is the most important to back up.
