Jump to content
Search In
  • More options...
Find results that contain...
Find results in...

Need help Cross Signing between 2 RootCAs

Recommended Posts

Posted · Original PosterOP

I am following this guide on Creating a trust between 2 RootCAs the link :




I am confused How do I do Sign a CrossCA between the 2 RootCAs? Both servers are 2012 R2 DataCenter. If they are already Root CAs?



CPU: i5 4690 |CPU Cooler: CM Hyper 212 Evo | Motherboard: Z97-A | RAM: 4x4GB Kingston Memory 1600mhz | GPU: Nvidia GTX 1060 6GB Zotac Mini | Case: K280 Case | PSU: Cooler Master B600 Power supply | SSD: 120GB Kingston V300 SSD | HDDs: 1x 250GB & 1x 1TB WD Blue | Monitors: 24" Acer S240HLBID + 20" Dell  | OS: Win 10 Pro


Audio: Behringer 302USB Xenyx 5 Input Mixer | Neewer® NW-700 Microphone | Behringer PS400 Micropower Phantom Power Supply


Networking gear:  Dell OptiPlex 390 Domain Controller | Dell PowerEdge R210 II Exchange 2016 | TP-LINK TL-SG1024D 24-Port Gigabit | Cisco ASA 5505 VPN  | Cisco Catalyst 3750 Gigabit Switch



Link to post
Share on other sites

wow thats some old looking document.


the normal best practice now would be to have an offline root CA and then subordinate issuing CAs in your seperate forests acting as intermediates. super easy as every forest member can get a cert from its AD integrated CA and you still keep a single root

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now