IT Consultant Everyday Notes

Just some problems/solutions storage

PKI: Why is the Root CA certificate duplicated in the Intermediate Certification Authorities container?

Built another two-layer PKI infrastructure for one of my customers and noticed that the offline Root CA certificate is added not just to the “Trusted Root Certification Authorities” container but also to the “Intermediate Certification Authorities” container in the local store on domain-joined machines.

Googled and looked around a bit and apparently it is by design. The best discussion/references is here:

According to Brian Komar: “A root CA certificate can be an intermediate CA certificate after a root CA is renewed with a new key pair !!!!”
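
To see the duplication on a given machine, the following added example (not part of the original post) compares the two local machine stores: `Cert:\LocalMachine\Root` is “Trusted Root Certification Authorities” and `Cert:\LocalMachine\CA` is “Intermediate Certification Authorities”. The function name `Get-RootCertInIntermediateStore` is hypothetical, and the same-subject match is only a heuristic for spotting certificates of a root that was renewed with a new key pair.

```powershell
# Added example: report certificates in the Intermediate store that also
# belong to a CA trusted in the Root store. Read-only; changes nothing.
function Get-RootCertInIntermediateStore {
    [CmdletBinding()]
    param(
        [string]$RootStore         = 'Cert:\LocalMachine\Root',
        [string]$IntermediateStore = 'Cert:\LocalMachine\CA'
    )

    # Index the trusted roots by thumbprint (exact certificate) and by subject (same CA name).
    $rootThumbprints = @{}
    $rootSubjects    = @{}
    foreach ($root in Get-ChildItem -Path $RootStore) {
        $rootThumbprints[$root.Thumbprint] = $true
        $rootSubjects[$root.Subject]       = $true
    }

    foreach ($cert in Get-ChildItem -Path $IntermediateStore) {
        $match = if ($rootThumbprints.ContainsKey($cert.Thumbprint)) {
            'SameCertificate'        # identical certificate present in both stores
        } elseif ($rootSubjects.ContainsKey($cert.Subject)) {
            'SameSubjectOtherCert'   # heuristic: another certificate carrying a root CA's name
        } else {
            $null
        }

        if ($match) {
            [pscustomobject]@{
                Match      = $match
                Subject    = $cert.Subject
                Issuer     = $cert.Issuer
                SelfSigned = ($cert.Subject -eq $cert.Issuer)   # name comparison only
                Thumbprint = $cert.Thumbprint
                NotBefore  = $cert.NotBefore
                NotAfter   = $cert.NotAfter
            }
        }
    }
}

Get-RootCertInIntermediateStore | Sort-Object Subject, NotBefore | Format-Table -AutoSize
```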
