Share via

Improperly decommisioned certificate authority

Anonymous
2024-01-24T22:13:27+00:00

I have a new job and I need to install a new certificate authority in my 2016 domain. In doing my research, I discovered someone built one in the past but simply turned down the server without uninstalling or moving the cert auth. What is the correct way to remove the remnants of this old cert auth and create a new one clean?

Windows for business | Windows Server | Directory services | Certificates and public key infrastructure (PKI)

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question. To protect privacy, user profiles for migrated questions are anonymized.

0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2024-01-25T02:11:32+00:00

    Hello Robby_McCarrell,

    Thank you for posting in Microsoft Community forum.

    To remove a CA, you can refer to steps in the link below.
    Decommission a Windows enterprise CA - Windows Server | Microsoft Learn

    To create a new one clean PKI, you can refer to steps in the link below.

    ADCS Step by Step Guide: Single Tier PKI Hierarchy Deployment - TechNet Articles - United States (English) - TechNet Wiki (microsoft.com)

    AD CS Step by Step Guide: Two Tier PKI Hierarchy Deployment - TechNet Articles - United States (English) - TechNet Wiki (microsoft.com)

    For PKI Tier, you can read the link below.

    Securing PKI: Planning a CA Hierarchy | Microsoft Learn

    I hope the information above is helpful.

    If you have any question or concern, please feel free to let us know.

    Best Regards,
    Daisy Zhou

    0 comments