Your company has an Active Directory domain. You have a two-tier PKI infrastructure that contains an offline root CA and an online issuing CA. The Enterprise certification authority is running Windows Server 2008 R2.
You need to ensure users are able to enroll new certificates.
What should you do?
A.
Renew the Certificate Revocation List (CRL) on the root CA . Copy the CRL to the CertEnroll folder on the issuing CA .
B.
Renew the Certificate Revocation List (CRL) on the issuing CA . Copy the CRL to the SystemCertificates folder in the users’ profile.
C.
Import the root CA certificate into the Trusted Root Certification Authorities store on all client workstations.
D.
Import the issuing CA certificate into the Intermediate Certification Authorities store on all client workstations.