This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(76.8, 87%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENS%3C/text%3E%3C/svg%3E)
Hi There,
Just need help on this.
I have joined this organisation three years ago.
Last school holiday, we upgraded CA server successfully. Now on windows machine, I noticed that there are two enterprise CA certificates existed on MMC. One is the current "CA01-CA", which will expire on 2040. Also, I noticed there is another certificate "EX02-CA", which expire 25 Nov. With certificate template attribute, it is labelled as "Root Certificate Authority"..I am really confused as ex02 was our old Exchange 2010 server, which were powered off last year....If we use this CA, devices wont be able to authenticate successfully...Should I worry about this Ex02-CA certificate, which will expire soon??
also, I checked, under Active Directory Sites and Services, there are two certificate authorities CA01 and Ex02, two CDPs, two enrolment services, etc..
Thanks a lot for help
ML
You need to decommission old CA as per this guide: https://social.technet.microsoft.com/wiki/contents/articles/3527.how-to-decommission-a-windows-enterprise-certification-authority-and-how-to-remove-all-related-objects.aspx
Since server is no longer presented on a network, you can skip steps 1-5 and complete only steps 6 and 7. Most likely, you don't need to complete other steps.
Hi Thanks for that,
We actually only use Enterprise Root CA from CA01 server, so it does not matter if CA on Ex02 expires, right? I
Thanks
ML
Yes.