question

NamlessShelter-6097 avatar image
0 Votes"
NamlessShelter-6097 asked Crypt32 commented

Old CA Certificate and Old CA server

Hi There,

Just need help on this.

I have joined this organisation three years ago.

Last school holiday, we upgraded CA server successfully. Now on windows machine, I noticed that there are two enterprise CA certificates existed on MMC. One is the current "CA01-CA", which will expire on 2040. Also, I noticed there is another certificate "EX02-CA", which expire 25 Nov. With certificate template attribute, it is labelled as "Root Certificate Authority"..I am really confused as ex02 was our old Exchange 2010 server, which were powered off last year....If we use this CA, devices wont be able to authenticate successfully...Should I worry about this Ex02-CA certificate, which will expire soon??

also, I checked, under Active Directory Sites and Services, there are two certificate authorities CA01 and Ex02, two CDPs, two enrolment services, etc..

Thanks a lot for help
ML

windows-server-security
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

Crypt32 avatar image
0 Votes"
Crypt32 answered Crypt32 commented

You need to decommission old CA as per this guide: https://social.technet.microsoft.com/wiki/contents/articles/3527.how-to-decommission-a-windows-enterprise-certification-authority-and-how-to-remove-all-related-objects.aspx

Since server is no longer presented on a network, you can skip steps 1-5 and complete only steps 6 and 7. Most likely, you don't need to complete other steps.

· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi Thanks for that,

We actually only use Enterprise Root CA from CA01 server, so it does not matter if CA on Ex02 expires, right? I

Thanks
ML

0 Votes 0 ·
Crypt32 avatar image Crypt32 NamlessShelter-6097 ·

Yes.

0 Votes 0 ·