• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 606
  • Last Modified:

Certification Authority and NPS

Installed Certification Authority and NPS on Windows 2008 R2 domain controller but did not configure NPS Certificate Template and Autoentrollment (never used the installation for RAS/IAS/RADIUS).

Must repurpose the Domain Controller for another use.  Uninstalled Certification Authority role before revoking certificate.

Should I reinstall the Certfication Authority role, select existing certificate and then revoke the certificate before demoting the server to a member server?
0
McGruber
Asked:
McGruber
  • 2
1 Solution
 
MaheshArchitectCommented:
Not sure the meaning of "Must repurpose the Domain Controller for another use.  Uninstalled Certification Authority role before revoking certificate"

If you are not using certificate authority, its no need to reinstall CA role again.
You can just delete the certificate.
If you want to move domain controller role from server and retain certificate authority, now just demote DC role to member server as you already have uninstalled CA role and then reinstall CA role.
Its supported. Do not change server hostname, other wise already issued certificates will fail to check CRL (Certificate revocation list)
Also you cannot change CA common name which is stored in active directory

Let me know if any confusion

Mahesh
0
 
McGruberAuthor Commented:
The domain controller is being demoted to a member server and then reloaded.  It had CA and NPS installed.  I removed both roles but did not revoke the certificate before I removed the CA role.  The certificate was never used.  How do I cleanly remove the certificate before demoting the DC?
0
 
MaheshArchitectCommented:
If certificate is not required, just delete it from certificate personnel store on server.

Just launch MMC console on server and add local computer certificates console and from there just delete certificate

Mahesh
0

Featured Post

Easily manage email signatures in Office 365

Managing email signatures in Office 365 can be a challenging task if you don't have the right tool. CodeTwo Email Signatures for Office 365 will help you implement a unified email signature look, no matter what email client is used by users. Test it for free!

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now