I'm not personally familiar with FAS, but I'd expect with cert chains you'd want the ability to revoke a given sub-CA's certificates in the event of a breach. Personally I would have each sub-CA have its own private key.
👍 1
John Gallacher
03/07/2023, 8:56 PM
ChatGPT thinks the same as you 😉
🤣 4
Ray Davis
03/07/2023, 8:56 PM
Funny because I do the same thing
🍻 2
c4rm0
03/07/2023, 9:42 PM
Normally on your subordinate CA you have to have your root CA online, then do an advanced cert request and go to the root and approve the pending request for the subordinate CA. When installing a subordinate CA through Server Manager you get to choose whether you want to use a new private key or an existing one. You only typically use an existing private key if you were doing a migration and had backed up the CA database and private key, and had built a new server with the same name and were restoring the CA using the backed-up private key and database. So they should use a new private key for each sub CA.