braunmiller
asked on
old MSCEP RA certificates are being used by ndes service
Hello,
our Root CA certificate has been renewed so we also needed to renew our MSCEP-RA certificates on the Windows 2008 R2 server where the NDES servides is located. We gave the ndes service account full rights on the private keys of the new certificates. But the ndes service keeps on requesting certificates from our Root CA using the old (now expired) RA certificates.
How do we make the service use the renewed ones?
Best Regards,
Andreas
our Root CA certificate has been renewed so we also needed to renew our MSCEP-RA certificates on the Windows 2008 R2 server where the NDES servides is located. We gave the ndes service account full rights on the private keys of the new certificates. But the ndes service keeps on requesting certificates from our Root CA using the old (now expired) RA certificates.
How do we make the service use the renewed ones?
Best Regards,
Andreas
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
We solved the problem by a reinstall of the ndes service.
When you are looking at the Certificates MMC snap-in, the focus in on Computer account, not User account, correct? (do not use certmgr.msc for this)
You technically should just need Read access for the service account, but I understand going for full for troubleshooting purposes.
Restart IIS if you haven't. You also might consider rebooting the OS if you haven't.
Does anything interesting show up in the system or application event logs?