|
|
 FAQ
 Search
 Memberlist
 Usergroups
 Register
 Profile
 Private messages
 Log in
|
|
| Author |
Message |
J.Rotten
Guest
|
 Posted: Wed May 17, 2006 5:50 pm Post subject: DC - Certificate Authority |
 |
|
Hi,
I have a DC that needs replaced due to failing hardware. It holds no FSMO
roles and is not a GC. On this DC is installed an Enterprise Certificate
Authority. This CA was installed a long time ago. In the past we published
web servers via ISA Server which had a 3rd party certificate. The Windows
Cert was used for SSL encryption of credit card information between ISA and
the IIS web servers, keeping it safe from employees. We no longer host public
web servers in this fashion or need Certs for this reason. We have 6 DCs
spanning three sites. What is the best practice for removing this CA without
affecting domain replication, etc?
Thank you much!
John M. Sescourka |
|
| Back to top |
|
 |
|
|
Jorge Silva
Guest
|
| Posted: Thu May 18, 2006 11:31 pm Post subject: Re: DC - Certificate Authority |
|
|
Hi
here it goes:
complete all steps in this aricle:
How to decommission a Windows enterprise certification authority and how to
remove all related objects from Windows Server 2003 and from Windows 2000
Server
http://support.microsoft.com/kb/889250/en-us
--
I hop that helps
Good Luck
Jorge Silva
MCSA
Systems Administrator
"J.Rotten" <J.Rotten@discussions.microsoft.com> wrote in message
news:C5ABBED3-CA97-4CBC-807C-842E23D7BE2C@microsoft.com...
| Quote: | Hi,
I have a DC that needs replaced due to failing hardware. It holds no FSMO
roles and is not a GC. On this DC is installed an Enterprise Certificate
Authority. This CA was installed a long time ago. In the past we published
web servers via ISA Server which had a 3rd party certificate. The Windows
Cert was used for SSL encryption of credit card information between ISA
and
the IIS web servers, keeping it safe from employees. We no longer host
public
web servers in this fashion or need Certs for this reason. We have 6 DCs
spanning three sites. What is the best practice for removing this CA
without
affecting domain replication, etc?
Thank you much!
John M. Sescourka |
|
|
| Back to top |
|
|
J.Rotten
Guest
|
| Posted: Fri May 19, 2006 2:15 pm Post subject: Re: DC - Certificate Authority |
|
|
"Jorge Silva" wrote:
| Quote: | Hi
here it goes:
complete all steps in this aricle:
How to decommission a Windows enterprise certification authority and how to
remove all related objects from Windows Server 2003 and from Windows 2000
Server
http://support.microsoft.com/kb/889250/en-us
|
Thanks Jorge!
That's one of the best MS articles I have read, nothing too far fetched! I'm
still a little concerned about this processes ramifications on domain
replication etc. We have web servers and SQL Servers at a remote site which
are the "bread and butter" of our company. They are the product. They are
also members of the domain and use domain accounts authenticating to one
another. An interruption in availablity of the product is not an option. Has
anyone had any experiences with removing a CA?
Thanks again Jorge!
John M. Sescourka, MCSE, CCNA, A+ |
|
| Back to top |
|
|
Jorge Silva
Guest
|
| Posted: Fri May 19, 2006 5:13 pm Post subject: Re: DC - Certificate Authority |
|
|
I already used this article some times and it worked very well for me.
--
I hop that helps
Good Luck
Jorge Silva
MCSA
Systems Administrator
"J.Rotten" <JRotten@discussions.microsoft.com> wrote in message
news:92D53517-DA4E-4428-8803-A8E09F5777B6@microsoft.com...
| Quote: |
"Jorge Silva" wrote:
Hi
here it goes:
complete all steps in this aricle:
How to decommission a Windows enterprise certification authority and how
to
remove all related objects from Windows Server 2003 and from Windows 2000
Server
http://support.microsoft.com/kb/889250/en-us
Thanks Jorge!
That's one of the best MS articles I have read, nothing too far fetched!
I'm
still a little concerned about this processes ramifications on domain
replication etc. We have web servers and SQL Servers at a remote site
which
are the "bread and butter" of our company. They are the product. They are
also members of the domain and use domain accounts authenticating to one
another. An interruption in availablity of the product is not an option.
Has
anyone had any experiences with removing a CA?
Thanks again Jorge!
John M. Sescourka, MCSE, CCNA, A+ |
|
|
| Back to top |
|
|
|
|
