Hi
I am just looking for some guidance for renewing Issuing Certificate Authority keys... The conversation at work at the moment is that we need to "revoke" all existing issues certificates as soon as we renew the keys, and I just don't see how that would be practical.
I also seen in this wiki http://social.technet.microsoft.com/wiki/contents/articles/2016.root-ca-certificate-renewal.aspx that you can do CrossCA certificate signing. I have got this working in the LAB but I wanted to check... But I was wondering if this is and RFC standard or just something that Microsoft does in ADCS?
Also can anyone point me to more official usage case for the certutil -CrossCA option in TechNet or else where other than just this wiki?
Thanks
Alan Burchill
Alan Burchill (MVP)
http://www.grouppolicy.biz
@alanburchill