
    Replacing a failed CA

    IT Discussion
    certificate authority windows server 2012 r2
    • Kelly

      Going back to a post I had up here about restoring a domain trust on a CA (which I was never able to successfully perform), there are some lingering issues. In particular my DCs were issued certs by the now defunct CA. I do not have a way to revoke those certs that I can find (perhaps using certutil...hmm). Any suggestions on how to get my DCs to stop using the certs pointed at the old CA so that they can autoenroll using the new CA?

      • dbeato

        Take a look at this:
        https://support.microsoft.com/en-us/help/889250/how-to-decommission-a-windows-enterprise-certification-authority-and-r

        It should be able to help you and then you can auto enroll in the new CA.

        • Obsolesce @Kelly

          @kelly In what way is your DC using certificates?

          • Kelly @Obsolesce

            @tim_g said in Replacing a failed CA:

            @kelly In what way is your DC using certificates?

            Domain Controller Authorization and Domain Controller.

            I ended up just deleting the certs within CertMgr on the DCs themselves, and then requesting new ones. It appears to have fixed the problem.

            • Kelly

              Now to fix the issue with our Macs not wanting to authenticate via RADIUS.

              • Dashrender @Kelly

                @kelly said in Replacing a failed CA:

                @tim_g said in Replacing a failed CA:

                @kelly In what way is your DC using certificates?

                Domain Controller Authorization and Domain Controller.

                I ended up just deleting the certs within CertMgr on the DCs themselves, and then requesting new ones. It appears to have fixed the problem.

                I was wondering if it would simply be that simple.

                • Kelly @Dashrender

                  @dashrender said in Replacing a failed CA:

                  @kelly said in Replacing a failed CA:

                  @tim_g said in Replacing a failed CA:

                  @kelly In what way is your DC using certificates?

                  Domain Controller Authorization and Domain Controller.

                  I ended up just deleting the certs within CertMgr on the DCs themselves, and then requesting new ones. It appears to have fixed the problem.

                  I was wondering if it would simply be that simple.

                  I was leery of doing it at first since I didn't know what all was tied to those certs. In the end I just decided to go for it.

                  • Obsolesce @Kelly

                    @kelly said in Replacing a failed CA:

                    @dashrender said in Replacing a failed CA:

                    @kelly said in Replacing a failed CA:

                    @tim_g said in Replacing a failed CA:

                    @kelly In what way is your DC using certificates?

                    Domain Controller Authorization and Domain Controller.

                    I ended up just deleting the certs within CertMgr on the DCs themselves, and then requesting new ones. It appears to have fixed the problem.

                    I was wondering if it would simply be that simple.

                    I was leery of doing it at first since I didn't know what all was tied to those certs. In the end I just decided to go for it.

                    You could always export the cert first before deleting it. That way you can always put it back.

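The sequence discussed in this thread (export the old certificates, delete them from the DC's computer store, then request new ones), as an added PowerShell example that is not code from any poster. The CA name and backup folder are placeholders, and it assumes the new CA already offers a domain controller template with autoenrollment enabled; run it elevated on the DC.

```powershell
# Added example: back up, then remove, certificates issued by a retired CA
# from a domain controller's computer store, then trigger autoenrollment.
# $OldCaName and $BackupDir are placeholders (assumptions), not thread values.
param(
    [string]$OldCaName = 'OLD-CA-NAME-PLACEHOLDER',
    [string]$BackupDir = 'C:\CertBackup',
    [switch]$Remove    # without -Remove the script only reports and exports
)
$ErrorActionPreference = 'Stop'
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

# Certificates in LocalMachine\My whose issuer DN contains the old CA name.
$stale = @(Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object {
    $_.Issuer.IndexOf($OldCaName, [StringComparison]::OrdinalIgnoreCase) -ge 0
})
if ($stale.Count -eq 0) {
    Write-Output "No certificates issued by '$OldCaName' found."
    return
}

foreach ($cert in $stale) {
    $file = Join-Path $BackupDir ("{0}.cer" -f $cert.Thumbprint)
    # Public certificate only; the private key stays in its key container.
    Export-Certificate -Cert $cert -FilePath $file -Type CERT | Out-Null
    Write-Output ("{0}  {1}  expires {2:yyyy-MM-dd}  backup: {3}" -f `
        $cert.Thumbprint, $cert.Subject, $cert.NotAfter, $file)

    if ($Remove -and (Test-Path $file)) {
        # No -DeleteKey: the key is kept, so the certificate can be re-imported
        # and re-linked to it (certutil -repairstore My <thumbprint>) if needed.
        Remove-Item -Path $cert.PSPath
    }
}

if ($Remove) {
    # Ask the autoenrollment client to run now instead of waiting for its timer.
    certutil.exe -pulse | Out-Null
    Start-Sleep -Seconds 30
    # What the store holds afterwards; new entries should name the new CA.
    Get-ChildItem -Path Cert:\LocalMachine\My |
        Select-Object Thumbprint, Issuer, NotAfter
}
```

Run it once without `-Remove` to review what matches and confirm the `.cer` backups exist, then again with `-Remove`.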
                    • Kelly @Obsolesce

                      @tim_g said in Replacing a failed CA:

                      @kelly said in Replacing a failed CA:

                      @dashrender said in Replacing a failed CA:

                      @kelly said in Replacing a failed CA:

                      @tim_g said in Replacing a failed CA:

                      @kelly In what way is your DC using certificates?

                      Domain Controller Authorization and Domain Controller.

                      I ended up just deleting the certs within CertMgr on the DCs themselves, and then requesting new ones. It appears to have fixed the problem.

                      I was wondering if it would simply be that simple.

                      I was leery of doing it at first since I didn't know what all was tied to those certs. In the end I just decided to go for it.

                      You could always export the cert first before deleting it. That way you can always put it back.

                      Too late for that... cough
                      [Image: quote, "Damn the torpedoes, full speed ahead", David G. Farragut]
