Hello, Thankyou for using the Microsoft Q&A forums. You can go to your Domain Controller and find the Cert Publishers group in Active Directory. It should have your servers with the Certificate Authority role. If you run the Certutil cmd there, you can get the info of the certificates installed. Hope it helps.
Reliable way to identify your certificate authorities
Dear all, I started a new company and they asked me to work on something and identify the CAs, root CA and subordinate CAs in their environment. They have several I believe. What is the easiest and most reliable way to do this? Thanks
Windows for business | Windows Server | User experience | Other
-
Daniel Alejandro Rivera Dominguez 415 Reputation points Microsoft External Staff
2024-02-29T15:36:51.46+00:00
1 additional answer
Sort by: Most helpful
-
AnnaG 166 Reputation points
2024-02-29T17:35:51.9+00:00 Thanks for the response. Yes I already did this and found the article but it does not have steps to tell me which is the root CA and which one's are the subordinates? I see three CA servers. Is there a way to find out? This is a very brief document. https://learn.microsoft.com/en-us/troubleshoot/windows-server/certificates-and-public-key-infrastructure-pki/find-name-enterprise-root-ca-server