Reliable way to identify your certificate authorities

AnnaG 166 Reputation points
2024-02-29T14:40:22.1866667+00:00

Dear all, I started a new company and they asked me to work on something and identify the CAs, root CA and subordinate CAs in their environment. They have several I believe. What is the easiest and most reliable way to do this? Thanks

Windows for business | Windows Server | User experience | Other
0 comments No comments
{count} votes

Accepted answer
  1. Daniel Alejandro Rivera Dominguez 415 Reputation points Microsoft External Staff
    2024-02-29T15:36:51.46+00:00

    Hello, Thankyou for using the Microsoft Q&A forums. You can go to your Domain Controller and find the Cert Publishers group in Active Directory. It should have your servers with the Certificate Authority role. If you run the Certutil cmd there, you can get the info of the certificates installed. Hope it helps.


1 additional answer

Sort by: Most helpful
  1. AnnaG 166 Reputation points
    2024-02-29T17:35:51.9+00:00

    Thanks for the response. Yes I already did this and found the article but it does not have steps to tell me which is the root CA and which one's are the subordinates? I see three CA servers. Is there a way to find out? This is a very brief document. https://learn.microsoft.com/en-us/troubleshoot/windows-server/certificates-and-public-key-infrastructure-pki/find-name-enterprise-root-ca-server


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.