ndalmolin_13
asked on
Questions regarding decommissioning an enterprise certificate authority in Server 2008
Hello Experts,
A couple of days ago my manager asked me to work on decommissioning our last Server 2008 domain controller. While going through the server's configuration, I realized that at some point in time in the past, someone had installed the Active Directory Certificate Services role and this server has been issuing certificates. Since certificate management is not something I have a lot of experience in, I have a couple of questions:
1. What is the best way to stop this certificate server from issuing new certificates?
2. In researching how to decommission a certificate authority, it looks like the process is to revoke the issued certificates and extend the life of the CRL. If I revoke the certificates on this CA server, will the computers whose certificates have been revoked automatically get new certificates from our actual CA server?
Thanks,
Nick
A couple of days ago my manager asked me to work on decommissioning our last Server 2008 domain controller. While going through the server's configuration, I realized that at some point in time in the past, someone had installed the Active Directory Certificate Services role and this server has been issuing certificates. Since certificate management is not something I have a lot of experience in, I have a couple of questions:
1. What is the best way to stop this certificate server from issuing new certificates?
2. In researching how to decommission a certificate authority, it looks like the process is to revoke the issued certificates and extend the life of the CRL. If I revoke the certificates on this CA server, will the computers whose certificates have been revoked automatically get new certificates from our actual CA server?
Thanks,
Nick
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.