Asked by Mc2102

Automatic revocation of certificates

Hello,

We are currently deploying a Root Certificate Authority running on a Windows Server 2008. The CA will auto-enroll all laptops for machine certificates. And that actually leads to my question. We currently have 400 laptops in the company. There are permanently laptops which are out of lease and are being swapped with new ones. As the new machines come online to the network they receive a cert, but is there a way we can automate the removal\revoke of the certificates on the CA when machines are being removed from the network, or does this process have to be manual? I assume we are not the only ones facing this issue.

Thank you
Mc2101
ASKER CERTIFIED SOLUTION
abbright
Mc2102 (ASKER)

Abbright,

Thank you for your response. The tactic with adjusting the time how long certificates are valid is actually a good approach. But even if a certificate is not valid anymore it will still stay in the 'Issued Certificates' folder, right?

Thank you
Marcus
Mc2102 (ASKER)

I just double-checked on that. And the answer is 'yes', it stays in the same folder. Anyways, thank you for your help.
Mc2102 (ASKER)

Thank you - there are some really good ideas in this answer how to approach this problem.