Scenario:
- We have two departments within IT; say Department-OLD and Department-NEW.
- A single internal PKI environment exists and a root CA (singular) is trusted by all endpoints.
Problem:
Department-NEW, in the same network, is doing a lot of new development. They need to issue certificates to all their systems and applications, but we don't want the remainder of the organization (Department-OLD and endpoints) to trust the certificates used by Department-NEW.
How can this be accomplished?