You plan to implement a two-tier certification authority (CA) hierarchy with an offline root CA. You install the root CA, and then copy the certificate to the server that will become the new issuing CA. You have a file named rootca1_ContosoRootCA.crt that contains the root CA certificate. Client devices in the Active Directory Domain Services (AD DS) domain do not currently trust the root CA. All clients in the AD DS domain must trust the root CA. You need to install the issuing CA. What should you do?

A. Run the following command from an administrative command prompt:certutil –pulse rootca1_ContosoRootCA.crt TrustedRoot
B. Run the following command from an administrative command prompt:certutil –dspublish -f rootca1_ContosoRootCA.crt RootCA
C. On the domain controller, use Windows Explorer to open the rootca1_ContosoRootCA.crt file and add the root CA to the Trusted Root Certification Authorities store.
D. On the domain controller, use Windows Explorer to open the rootca1_ContosoRootCA.crt file and add the root CA to the Intermediate Certification Authorities
  Discussion forum

Question
0

Leave an answer