Certificate Authority

Find CA Server

 In AD find the Members of the "Cert Publishers" group

Determine CA Type

http://www.open-a-socket.com/index.php/2009/05/12/how-to-find-your-certification-authorities-and-determine-what-type-they-are/

Log on to the CA Server and open a command prompt

certutil -dump

......

Config:                       'server.blah.com\blah.com'

based on the output of that command build the next command

certutil -cainfo -config $CONFIG type

certutil -cainfo -config server.blah.com\blah.com type

Uninstall CA

1. Stop CA service on certificate server and observe the behavior (events, failures on DCs, clients).

2. If CA service is left started, keep a check on Issued Certificates container on CA server, observe if any additional certificates are issued.

 Links

1. How to decommission a Windows enterprise certification authority and how to remove all related objects = http://support.microsoft.com/kb/889250

2. Checklist: Decommissioning a certification authority = http://technet.microsoft.com/en-us/library/cc786938(WS.10).aspx

3. Uninstall a certification authority = http://technet.microsoft.com/en-us/library/cc785971(WS.10).aspx

4. Processing Domain Controller Certificates = http://technet.microsoft.com/en-us/library/cc787009(WS.10).aspx