Mc2102
Automatic revocation of certificates
Hello,
We are currently deploying a Root Certificate Authority running on Windows Server 2008. The CA will auto-enroll all laptops for machine certificates, and that actually leads to my question. We currently have 400 laptops in the company. There are permanently laptops which are out of lease and are being swapped with new ones. As the new machines come online on the network they receive a cert, but is there a way we can automate the removal/revocation of the certificates on the CA when machines are being removed from the network, or does this process have to be manual? I assume we are not the only ones facing this issue.
Thank you
Mc2101
ASKER CERTIFIED SOLUTION
ASKER
I just double-checked on that, and the answer is 'yes', it stays in the same folder. Anyways, thank you for your help.
ASKER
Thank you - there are some really good ideas in this answer on how to approach this problem.
ASKER
Thank you for your response. The tactic of adjusting how long certificates are valid is actually a good approach. But even if a certificate is not valid anymore, it will still stay in the 'Issued Certificates' folder, right?
Thank you
Marcus