Retire internal Windows root CA

404_username_not_found

11/8/22, 9:10 AM

A former colleague created an internal root CA named CA1 with server2008. During migration to a newer OS version a Server CA2 was created and CA1 turned off. Now my problem is, all systems still think they have to ask CA1 to get new certificates. So how do I tell them that CA1 does not exist anymore and they have to ask CA2?

If I open pkiview.msc on one of these servers it lists both servers as certificate authorithies.

282

2 + 0

active-directory

pki

certificate-authority

windows-server-2016

Score:1

Server

Crypt32

11/8/22, 9:29 AM

You need to decommission old CA from Active Directory using the following TechNet Wiki article: How to Decommission a Windows Enterprise Certification Authority and How to Remove All Related Objects

since your old CA is off, you need to complete only steps: 6, 7 and 9. Other steps are not applicable. After cleaning Active Directory from old CA remnants, make sure it will never be powered on.

0 + 0

Score:0

Server

djdomi

11/19/22, 9:23 AM

If someone, is looking for the complete Way

You can take a look here

0 + 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Retire internal Windows root CA

TH: เลิกใช้ Windows root CA ภายใน

RO: Retrageți CA rădăcină internă Windows

RU: Упразднить внутренний корневой ЦС Windows

VI: Gỡ bỏ CA gốc Windows nội bộ

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.