I would like to remove certificate authority and services from my 2008 R2 Enterprise DC.
On my issued certificates in the certification authority I have 30 or so certificates half of which are expired or invalid.
There are Basic EFS certificates (issues when someone tries to encrypt a file) and there are Domain Controller certificates.
This certificate authority was implemented in the past to place a self signed certificate for Exchange. No other use was intended for this certificate authority and I do not have any use for this now.
My questions are:
1- Which procedure should I follow to remove my certificate authority properly from this DC. Is this KB 889250?
2- Will this have any ill effect on domain controller communication? Will i get any errors after I remove this?
3- When I installed my certification authority did this change the way domain controllers communicate?
4- If i remove the certification authority and services, how will my domain controllers communicate? Will this be less secure?
5- If 4 is true, how can I then make DC comms secure?
Thanking you in advance,