Share via

PKI Server Decommissioning

Eleven Yu (Shanghai Wicresoft Co,.Ltd.) 10,696 Reputation points Microsoft Vendor
2020-07-15T07:04:52.847+00:00

================= 
Hi,

I have a SHA1 PKI server which is holding intermediate CA. Now I want to decommission the same as I have already migrated the certificates to SHA2.

Can I have a step by step procedure to decommission the intermediate certificate without disturbing other intermediate CAs and Root CA.

Thanks,

TechNet forum original post link:
https://social.technet.microsoft.com/Forums/en-US/ac7a4f15-5614-4d86-85a9-5e2ea7fe2989/pki-server-decommissioning?forum=winservermanager

Windows Server Management
Windows Server Management
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Management: The act or process of organizing, handling, directing or controlling something.
423 questions
0 comments
Accepted answer
  1. Jenny Yan-MSFT 9,326 Reputation points
    2020-07-15T08:48:07.6+00:00

    Welcome to our new Microsoft Q&A Platform.
    Hello,
    Thank you for posting in our TechNet forum.

    According to our description, we have a two-tier CA, one root CA server with multiple intermediate Enterprise CA servers. Now we want to decommission one of the intermediate enterprise CAs.

    If so, we can refer to the following article to decommission a Windows enterprise CA.

    How to decommission a Windows enterprise certification authority and remove all related objects
    https://support.microsoft.com/en-gb/help/889250/how-to-decommission-a-windows-enterprise-certification-authority-and-r

    But before we decommission one Windows enterprise CA, we should check all the certificates issued by this intermediate enterprise CA are expired or re-issued by other intermediate enterprise CAs.

    Thanks

    0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest