PKI: can a SubCA be signed by another RootCA than the original?

KnowNothingThomas 21 Reputation points
2020-12-11T10:30:13.607+00:00

Hi,

Can an existing Enterprise Subordinate CA be signed by a new Root CA? This SubCA will be revoked by the original Root, as it will no longer be part of the current hierarchy. Our client may want to have the SubCA continue running without having to build an entirely new hierarchy and issue all certificates again.

Windows for business | Windows Server | Devices and deployment | Set up, install, or upgrade
Windows for business | Windows Server | User experience | Other
Windows for business | Windows Server | Devices and deployment | Configure application groups
0 comments No comments
{count} votes

Accepted answer
  1. Vadims Podāns 9,186 Reputation points MVP
    2020-12-11T11:00:28.32+00:00

    Yes, just renew your SubCA with new key pair and sign request by another Root CA. It is supported.


0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.