Home‎ > ‎Software‎ > ‎Microsoft‎ > ‎

Certificate Authority

Find CA Server

 In AD find the Members of the "Cert Publishers" group

Determine CA Type

http://www.open-a-socket.com/index.php/2009/05/12/how-to-find-your-certification-authorities-and-determine-what-type-they-are/

Log on to the CA Server and open a command prompt

certutil -dump
......
Config:                       'server.blah.com\blah.com'


based on the output of that command build the next command

certutil -cainfo -config $CONFIG type

certutil -cainfo -config server.blah.com\blah.com type

Uninstall CA

  1. Stop CA service on certificate server and observe the behavior (events, failures on DCs, clients).
  2. If CA service is left started, keep a check on Issued Certificates container on CA server, observe if any additional certificates are issued.

 Links

  1. How to decommission a Windows enterprise certification authority and how to remove all related objects = http://support.microsoft.com/kb/889250
  2. Checklist: Decommissioning a certification authority = http://technet.microsoft.com/en-us/library/cc786938(WS.10).aspx
  3. Uninstall a certification authority = http://technet.microsoft.com/en-us/library/cc785971(WS.10).aspx
  4. Processing Domain Controller Certificates = http://technet.microsoft.com/en-us/library/cc787009(WS.10).aspx

 

Comments