This is related to my previous question about the old Root CA certificate that appears in the trusted root cert store of my servers/computers.
I checked the Group Policy and the old Root certificate is not published there.
So probably the Root CA certificate was published in AD via CERTUTIL -DSPUBLISH. Also, the old certificate is published not only in CN=Certification Authorities, but also in CN=AIA, CN=Enrollment Services and CN=KRA. The old PKI server is also in CN=CDP.
I also launched Enterprise PKI > Manage AD Containers and I see the objects there.
What is the best way to clean this up so that new servers will not get that expired certificate?
What is the best way also to clean up the one in production?
I also launched Enterprise PKI > Manage AD Containers and I see the objects there.
Use this Manage AD Containers dialog to clean up the old CA certificate from AD.
Hello,
Thank you so much for posting here.
To remove the old CA, we could refer to:
How to decommission a Windows enterprise certification authority and remove all related objects
https://support.microsoft.com/en-in/help/889250/how-to-decommission-a-windows-enterprise-certification-authority-and-r
For any question, please feel free to contact us.
Best regards,
Hannah Xiong
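Before removing anything through Manage AD Containers, it helps to have a written inventory of what is published in the containers named in the question. The following read-only PowerShell script is an added example, not part of the original thread or the linked Microsoft article. It assumes the RSAT ActiveDirectory module, read access to the Configuration partition, and the usual attribute names for these containers (cACertificate, and userCertificate under KRA).

```powershell
# Read-only inventory of certificates published under CN=Public Key Services.
# Nothing is modified or deleted; use the output to decide what to remove by hand.
Import-Module ActiveDirectory

$configNC = (Get-ADRootDSE).configurationNamingContext
$pkiRoot  = "CN=Public Key Services,CN=Services,$configNC"

# Containers named in the question, mapped to the attribute that holds certificates.
$containers = [ordered]@{
    'Certification Authorities' = 'cACertificate'
    'AIA'                       = 'cACertificate'
    'Enrollment Services'       = 'cACertificate'
    'KRA'                       = 'userCertificate'
}

$now = Get-Date
$report = foreach ($name in $containers.Keys) {
    $attr = $containers[$name]
    Get-ADObject -SearchBase "CN=$name,$pkiRoot" -SearchScope OneLevel -Filter * -Properties $attr |
        ForEach-Object {
            $obj = $_
            foreach ($raw in $obj.$attr) {
                try {
                    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new([byte[]]$raw)
                } catch {
                    continue   # placeholder or undecodable value, not a certificate
                }
                [pscustomobject]@{
                    Container  = $name
                    Object     = $obj.Name
                    Subject    = $cert.Subject
                    Thumbprint = $cert.Thumbprint
                    NotAfter   = $cert.NotAfter
                    Expired    = $cert.NotAfter -lt $now
                }
            }
        }
}

# CDP holds CRL objects grouped under a container per CA host, so list objects instead.
$cdp = Get-ADObject -SearchBase "CN=CDP,$pkiRoot" -SearchScope Subtree `
    -Filter 'objectClass -eq "cRLDistributionPoint"' |
    Select-Object Name, DistinguishedName

$report | Sort-Object Container, NotAfter | Format-Table -AutoSize
$cdp    | Format-Table -AutoSize
```

Rows with Expired set to True identify the entries to look for in the Manage AD Containers dialog; match on Thumbprint rather than Subject, since a renewed CA certificate can share the same subject name.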