Jump to content

Certificate Authority Problem

Guest Mick Montalto

By Guest Mick Montalto
in Windows 2003 Server

 Share

Recommended Posts

Guest Mick Montalto

Guest Mick Montalto

Posted
Posted

I recently installed Certificate Authority onto my domain controller as an

Enterprise Root CA. This is fine but I had forgotten that during my Exchange

2003 implementation one of the consultants working on the job installed

Certificate Services on one of my mail servers as well to function with

Outlook Web Access. In the end we did not utlize the Windows certificate and

ended up purchasing a Verisign certificate due to some common errors we were

experiencing.

 

I now have no idea how that server was configured in terms of if it was a

standalone server, Enterprise Root CA or what.

 

How do I check to see what level of CA my Exchange 2003 server is at and

what impact will this have on my domain controller whom was not installed as

a subordinate CA to my Exchange Server?

 

Are there any ramifications to this problem?

  • Replies 3
  • Created
  • Last Reply

Popular Days

Popular Days

Guest Justin Rich

Guest Justin Rich

Posted
Posted

Re: Certificate Authority Problem

 

I guess you could open the the mmc for it and see if you had issued and

certs. if none are issues i would assume it should be fine to pull out since

nothing is looking to it for cert verification.

 

Justin

 

"Mick Montalto" <MickMontalto@discussions.microsoft.com> wrote in message

news:E058330C-6DFF-428B-94C2-66229D6BB4BA@microsoft.com...

>I recently installed Certificate Authority onto my domain controller as an

> Enterprise Root CA. This is fine but I had forgotten that during my

> Exchange

> 2003 implementation one of the consultants working on the job installed

> Certificate Services on one of my mail servers as well to function with

> Outlook Web Access. In the end we did not utlize the Windows certificate

> and

> ended up purchasing a Verisign certificate due to some common errors we

> were

> experiencing.

>

> I now have no idea how that server was configured in terms of if it was a

> standalone server, Enterprise Root CA or what.

>

> How do I check to see what level of CA my Exchange 2003 server is at and

> what impact will this have on my domain controller whom was not installed

> as

> a subordinate CA to my Exchange Server?

>

> Are there any ramifications to this problem?

Guest Mick Montalto

Guest Mick Montalto

Posted
Posted

Re: Certificate Authority Problem

 

The mail server that I do not want to be the CA has issued 4 certificates (3

for EFS and 1 Domain Controller) and rejected hundreds of requests.

 

I want my Exchange mail server to not be a CA at all and I want my DC to be

my Enterprise Root CA.

 

I'm curious how to achieve this goal. Any assistance would be of great help.

 

"Justin Rich" wrote:

> I guess you could open the the mmc for it and see if you had issued and

> certs. if none are issues i would assume it should be fine to pull out since

> nothing is looking to it for cert verification.

>

> Justin

>

> "Mick Montalto" <MickMontalto@discussions.microsoft.com> wrote in message

> news:E058330C-6DFF-428B-94C2-66229D6BB4BA@microsoft.com...

> >I recently installed Certificate Authority onto my domain controller as an

> > Enterprise Root CA. This is fine but I had forgotten that during my

> > Exchange

> > 2003 implementation one of the consultants working on the job installed

> > Certificate Services on one of my mail servers as well to function with

> > Outlook Web Access. In the end we did not utlize the Windows certificate

> > and

> > ended up purchasing a Verisign certificate due to some common errors we

> > were

> > experiencing.

> >

> > I now have no idea how that server was configured in terms of if it was a

> > standalone server, Enterprise Root CA or what.

> >

> > How do I check to see what level of CA my Exchange 2003 server is at and

> > what impact will this have on my domain controller whom was not installed

> > as

> > a subordinate CA to my Exchange Server?

> >

> > Are there any ramifications to this problem?

>

>

>

Guest Justin Rich

Guest Justin Rich

Posted
Posted

Re: Certificate Authority Problem

 

well all you have to do is figure out what those 4 issued certs are on, and

replace them with certs from you new server. once those 4 have been updated

revoke the certs on your mail servers cert server and once it is no longer

servicing certs you can uninstall it.

 

i cant tell you how to do any of that because i dont really know how to, but

i would imagine it should be fairly straight forward if you are the one who

created and applied those certs to begin with. if you arent, well, good

luck. I have asked cert questions in here as well with no response. it seems

that the MS cert server isnt that big to them. there are no news groups for

it and the info on the net is pretty limited from what i can find.

 

sorry i cant be of more help.

 

Justin

 

 

 

"Mick Montalto" <MickMontalto@discussions.microsoft.com> wrote in message

news:5027BEC9-6B11-40D2-81D8-304214DE3F1A@microsoft.com...

> The mail server that I do not want to be the CA has issued 4 certificates

> (3

> for EFS and 1 Domain Controller) and rejected hundreds of requests.

>

> I want my Exchange mail server to not be a CA at all and I want my DC to

> be

> my Enterprise Root CA.

>

> I'm curious how to achieve this goal. Any assistance would be of great

> help.

>

> "Justin Rich" wrote:

>

>> I guess you could open the the mmc for it and see if you had issued and

>> certs. if none are issues i would assume it should be fine to pull out

>> since

>> nothing is looking to it for cert verification.

>>

>> Justin

>>

>> "Mick Montalto" <MickMontalto@discussions.microsoft.com> wrote in message

>> news:E058330C-6DFF-428B-94C2-66229D6BB4BA@microsoft.com...

>> >I recently installed Certificate Authority onto my domain controller as

>> >an

>> > Enterprise Root CA. This is fine but I had forgotten that during my

>> > Exchange

>> > 2003 implementation one of the consultants working on the job installed

>> > Certificate Services on one of my mail servers as well to function with

>> > Outlook Web Access. In the end we did not utlize the Windows

>> > certificate

>> > and

>> > ended up purchasing a Verisign certificate due to some common errors we

>> > were

>> > experiencing.

>> >

>> > I now have no idea how that server was configured in terms of if it was

>> > a

>> > standalone server, Enterprise Root CA or what.

>> >

>> > How do I check to see what level of CA my Exchange 2003 server is at

>> > and

>> > what impact will this have on my domain controller whom was not

>> > installed

>> > as

>> > a subordinate CA to my Exchange Server?

>> >

>> > Are there any ramifications to this problem?

>>

>>

>>

 Share
Go to topic listing
×
×
  • Create New...