Certificate Auth. Cross Ceertificates

Brian 1 Reputation point
2021-02-03T20:40:26.42+00:00

We seem to be having issues with our certificates. I have found a bunch of Cross Certificates out there and not even sure how they got there. We only have one domain, one PKI so how do I stop them from getting created and or can I just delete them? Not finding much from google so any help would be appreciated.

Windows Server Security
Windows Server Security
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
1,867 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Hannah Xiong 6,276 Reputation points
    2021-02-04T02:37:21.213+00:00

    Hello,

    Thank you so much for posting here.

    A cross-certificate is a digital certificate issued by one Certificate Authority (CA) that is used to sign the public key for the root certificate of another Certificate Authority. Cross-certificates provide a means to create a chain of trust from a single, trusted, root CA to multiple other CAs.

    I have checked that there are also some cross certificates in my environment.

    63805-1.png

    For more information, we could refer to:
    https://learn.microsoft.com/en-us/windows/win32/seccertenroll/about-cross-certification

    https://learn.microsoft.com/en-us/windows-hardware/drivers/install/cross-certificates-for-kernel-mode-code-signing

    Best regards,
    Hannah Xiong

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.