I'm planning to remove/decomission the CA for a domain using article:
As far as I can tell the CA server and it's certificates aren't necessary. I find the certificates on domain controllers, Exchange 2010 server, user PCs, ect.). Some old and expired. Others still active and valid.
My knowledge of certificates and usage is pretty basic. So I'm being cautious and willing to ask silly questions, just to make sure I don't turn this into a wreakingball event.
The CA issued certificates can be found in the Personal, Trusted Root Certification Authorities, and Intermediate Certification Authorities folder of Certificates Console. I do not know how to determine what they are needed for or if I could/should reissue them as a self-sign certificate. Or if the just need to expire out and then take action (if any).
There could be a 'gottacha' somewhere and I'm looking for it. But currently, I cannot find any reason why a CA was setup in the domain in the first place.
Any advise or just plain help would be great.