[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Rebuild a root CA

Posted on 2014-08-29
4
Medium Priority
?
195 Views
Last Modified: 2014-08-29
I have come upon a domain that has multiple servers complaining of expired domain certificates.  Digging in it appears that there was a root CA server that is gone.  There are two subordinate CA s in the domain, which of course are now useless.

It also looks like this issue has been going on for some time.  The certificates are months out of date.

I have not been exposed to this situation without a backup of the root server.  How does one go about fixing this?
0
Comment
Question by:billherde
  • 2
  • 2
4 Comments
 
LVL 29

Accepted Solution

by:
becraig earned 2000 total points
ID: 40293417
At this point you would simply need to clean up and then create a new CA

Steps to cleanup:
http://support.microsoft.com/kb/555151

Here is also a question on another site covering this:
http://social.technet.microsoft.com/forums/windowsserver/en-US/b5a3fed5-2b39-4567-9130-8169add70c1c/certificate-authority-server-died
0
 
LVL 3

Author Comment

by:billherde
ID: 40293421
Is this safe on a production environment? What do I need to be "careful" of?
0
 
LVL 29

Expert Comment

by:becraig
ID: 40293430
At this point the root CA is dead as you indicated, so nothing that chains to it actually works.

There are no real implications, simply complete the cleanups to avoid template mishaps.

It's already not working, nothing else can be broken by replacing it.
0
 
LVL 3

Author Closing Comment

by:billherde
ID: 40293908
That took care of the problem.  Thank you very much.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is in response to a question (http://www.experts-exchange.com/Networking/Network_Management/Network_Analysis/Q_28230497.html) here at Experts Exchange. The Original Poster (OP) requires a utility that will accept a list of IP addresses …
An article on effective troubleshooting
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…
Suggested Courses

873 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question