VMware Horizon Community
scottchamingsau
Contributor
Contributor
‎05-02-2022 11:10 PM

TrueSSO CertUtil commands affect one or all CA Servers?

Hi,

In the process of configuring TrueSSO.

I have an existing Enterprise PKI with an offline root and an online issuing CA.

Looking at Creating 2 new issuing CAs specifically for TrueSSO with the existing root CA as their root.

Will running the following commands on the new Issuing CAs affect just that Issuing CA or the entire PKI stack ?

certutil -setreg DBFlags +DBFLAGS_ENABLEVOLATILEREQUESTS
certutil -setreg ca\CRLFlags +CRLF_REVCHECK_IGNORE_OFFLINE

If affects all should I start a fresh RootCA for this and keep it separate from existing Root and Issuing CA?

Thanks

Scott

Labels (1)
Labels
0 Kudos
1 Reply
fabio1975
Commander
Commander
‎05-03-2022 12:48 AM

Ciao 

Yes, the changes affect the entire infrastructure but I advise you, if you have not done so, to read this KB carefully


https://kb.vmware.com/s/article/2149312


Where it is indicated that the first command
certutil -setreg DBFlags + DBFLAGS_ENABLEVOLATILEREQUESTS
has an impact on the infrastructure but a parameter must also be set within the certificate templates.

While the second command
certutil -setreg ca \ CRLFlags + CRLF_REVCHECK_IGNORE_OFFLINE

If your PKI is created correctly it may not be necessary. For this point, if you need I can give you more details and info.

 

Check the KB that I have indicated to you.

Fabio

Visit vmvirtual.blog
If you're satisfied give me a kudos

0 Kudos