Certification Authority Removal/Migration query

Ben 21 Reputation points
2021-02-02T10:48:15.847+00:00

Hi

So we have a Domain Controller with a certification authority which looks as though it was installed for a specific support tool as in the CA name it mentions the tool in this format: SERVERNAME-CA-SOFTWARE.

First, how do I know that this is actually being used, and secondly, if it isn't, can it be removed? All the devices on the network seem to have this certificate, which runs from 2016 (which is when it was installed) to 2021. In the Certification Authority MMC console the only certificates that are issued are to domain controllers using the Domain Controller template. There also seems to be one user.

My preference would be to remove this Certificate Authority setup and create a new one; otherwise I'll need to migrate it if it is being used, as I need to decommission the server that it's on.

Looking at this page: https://learn.microsoft.com/en-us/troubleshoot/windows-server/windows-security/decommission-enterprise-certification-authority-and-remove-objects

I do not see any of the objects under step 6 within AD, so I'm not sure it was even set up correctly, as this was set up before I was an employee at the location.

From what I can tell, they installed it using these instructions:
http://gregtechnobabble.blogspot.com/2012/11/enabling-ldap-ssl-in-windows-2012-part-1.html


3 answers

  1. Vadims Podāns 9,186 Reputation points MVP
    2021-02-02T12:42:52.403+00:00

    Please follow this guide (which is an updated version of the Microsoft Learn article): https://social.technet.microsoft.com/wiki/contents/articles/3527.how-to-decommission-a-windows-enterprise-certification-authority-and-how-to-remove-all-related-objects.aspx

    If it is Enterprise CA, then there should be objects in AD.
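
The AD check the first answer refers to, as an added example that is not part of the original thread: a read-only PowerShell inventory of the Public Key Services containers in the configuration partition. It assumes the RSAT ActiveDirectory module is installed; `$CaName` is a placeholder for the CA name shown in the Certification Authority console.

```powershell
# Added example: read-only inventory of AD CS objects published in the forest.
# Assumes the ActiveDirectory module (RSAT). Nothing here modifies AD.
Import-Module ActiveDirectory

$CaName   = 'SERVERNAME-CA-SOFTWARE'   # placeholder: CA name from the CA console
$configNC = (Get-ADRootDSE).configurationNamingContext
$pkiBase  = "CN=Public Key Services,CN=Services,$configNC"

# Containers an Enterprise CA publishes objects into at install time.
$containers = 'AIA', 'CDP', 'Certification Authorities', 'Enrollment Services', 'KRA'

$found = foreach ($c in $containers) {
    $base = "CN=$c,$pkiBase"
    try {
        Get-ADObject -SearchBase $base -SearchScope Subtree -Filter * -Properties whenCreated |
            Where-Object { $_.DistinguishedName -ne $base } |          # skip the container itself
            Select-Object @{ n = 'Container'; e = { $c } },
                          Name, ObjectClass, whenCreated,
                          @{ n = 'MatchesCaName'; e = { $_.Name -like "*$CaName*" } }
    } catch {
        Write-Warning "Could not read ${base}: $($_.Exception.Message)"
    }
}

$found | Sort-Object Container, Name | Format-Table -AutoSize

# A pKIEnrollmentService object under Enrollment Services is what marks a CA
# as an Enterprise CA that domain members can enroll against.
$enterprise = @($found | Where-Object {
    $_.Container -eq 'Enrollment Services' -and $_.ObjectClass -eq 'pKIEnrollmentService'
})

if ($enterprise.Count -gt 0) {
    "Enterprise CA object(s) found in AD: $($enterprise.Name -join ', ')"
} else {
    'No pKIEnrollmentService objects were returned from Enrollment Services.'
}
```

Rows with `MatchesCaName` set to `True` are the objects published for the CA in question; an empty result across all five containers is consistent with the CA not having been registered in AD as an Enterprise CA.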


  2. Vicky Wang 2,741 Reputation points
    2021-02-03T09:28:50.087+00:00

    Hi,

    Thanks for the update

    》》Would this affect any Active Directory functionality?

    Based on my knowledge, it should have no effect.

    Hope this information can help you
    Best wishes
    Vicky


  3. Vicky Wang 2,741 Reputation points
    2021-02-08T09:48:02.977+00:00

    Hi,

    Just checking in to see if the information provided was helpful.

    Please let us know if you would like further assistance.

    Best Regards,
    Vicky
