IOS CA with offline root and multiple subordinates

Unanswered Question
Apr 22nd, 2008

Does anyone have specific experience with setting up an offline root CA with multiple subordinates issuing certs to routers for VPN authentication? I'm working on setting this up for testing and the documentation does not clearly state if I can have certificates on 2 devices, issued by different subordinates of the same root and have trust between them for authentication.

Thanks in advance,


cairnsm Tue, 04/22/2008 - 13:12

After testing and going over the documentation again, it looks like the answer is to configure a root (online) with multiple RAs (registration authorities) below it. In initial testing, certs still needed to be granted at the root server, but hopefully this helps anyone looking to do a large-scale PKI rollout.
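
For the trust question asked above, a generic X.509 illustration (an added example, not from the thread and not IOS configuration): OpenSSL stands in for the CAs, and every name in it is constructed. It shows that certificates issued by two different subordinates both validate against the shared root, but only when the verifier also has the issuing subordinate's CA certificate.

```shell
#!/usr/bin/env bash
# Constructed lab PKI (all names made up): one root, two subordinate CAs,
# and one router certificate issued by each subordinate.
PKI=$(mktemp -d)

# new_cert NAME ISSUER EXTFILE SERIAL
# Creates a key and CSR for NAME, signed by ISSUER (self-signed if same name).
new_cert() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$PKI/$1.key" -out "$PKI/$1.csr" 2>/dev/null || return 1
  if [ "$1" = "$2" ]; then
    openssl x509 -req -in "$PKI/$1.csr" -signkey "$PKI/$1.key" -days 30 \
      -extfile "$PKI/$3" -set_serial "$4" -out "$PKI/$1.pem" 2>/dev/null
  else
    openssl x509 -req -in "$PKI/$1.csr" -CA "$PKI/$2.pem" \
      -CAkey "$PKI/$2.key" -days 30 -extfile "$PKI/$3" \
      -set_serial "$4" -out "$PKI/$1.pem" 2>/dev/null
  fi
}

build_pki() {
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' \
    > "$PKI/ca.ext"
  printf 'basicConstraints=CA:FALSE\n' > "$PKI/leaf.ext"
  new_cert root root ca.ext 1 &&
    new_cert subA root ca.ext 2 &&
    new_cert subB root ca.ext 3 &&
    new_cert router1 subA leaf.ext 11 &&
    new_cert router2 subB leaf.ext 12
}

# chain_ok LEAF INTERMEDIATE
# Succeeds only if LEAF chains to the root through INTERMEDIATE.
# root.pem is the sole trust anchor; the intermediate is untrusted input.
chain_ok() {
  openssl verify -CAfile "$PKI/root.pem" -untrusted "$PKI/$2.pem" \
    "$PKI/$1.pem" >/dev/null 2>&1
}

build_pki || exit 1
chain_ok router1 subA && echo "router1 via subA: chains to root"
chain_ok router2 subB && echo "router2 via subB: chains to root"
chain_ok router2 subA || echo "router2 without subB's CA cert: no chain"
```

The last check fails because the verifier holds only the root and the other subordinate's certificate, so it cannot build a path for `router2`.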


