PKI: can a SubCA be signed by another RootCA than the original?

KnowNothingThomas 21 Reputation points
2020-12-11T10:30:13.607+00:00

Hi,

Can an existing Enterprise Subordinate CA be signed by a new Root CA? This SubCA will be revoked by the original Root, as it will no longer be part of the current hierarchy. Our client may want to have the SubCA continue running without having to build an entirely new hierarchy and issue all certificates again.

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
13,053 questions
Windows Server Security
Windows Server Security
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
1,834 questions
Windows Server Infrastructure
Windows Server Infrastructure
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Infrastructure: A Microsoft solution area focused on providing organizations with a cloud solution that supports their real-world needs and meets evolving regulatory requirements.
544 questions
0 comments No comments
{count} votes

Accepted answer
  1. Vadims Podāns 9,121 Reputation points MVP
    2020-12-11T11:00:28.32+00:00

    Yes, just renew your SubCA with new key pair and sign request by another Root CA. It is supported.


0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.