Bill Herde
asked on
Rebuild a root CA
I have come upon a domain that has multiple servers complaining of expired domain certificates. Digging in it appears that there was a root CA server that is gone. There are two subordinate CA s in the domain, which of course are now useless.
It also looks like this issue has been going on for some time. The certificates are months out of date.
I have not been exposed to this situation without a backup of the root server. How does one go about fixing this?
It also looks like this issue has been going on for some time. The certificates are months out of date.
I have not been exposed to this situation without a backup of the root server. How does one go about fixing this?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
At this point the root CA is dead as you indicated, so nothing that chains to it actually works.
There are no real implications, simply complete the cleanups to avoid template mishaps.
It's already not working, nothing else can be broken by replacing it.
There are no real implications, simply complete the cleanups to avoid template mishaps.
It's already not working, nothing else can be broken by replacing it.
ASKER
That took care of the problem. Thank you very much.
ASKER