Jump to content

Certificate Authority

Guest Ninon Chassé

By Guest Ninon Chassé
in Windows 2003 Server

 Share

Recommended Posts

Guest Ninon Chassé

Guest Ninon Chassé

Posted
Posted

Hi,

 

We need to decommission a server that running certificate services and

planning on following MS KB889250.

 

http://support.microsoft.com/kb/889250

 

We use the MS Certificate Authority to issue certificates to our domain

controllers; all external facing applications are using DigiCert issued

certificates. Are there any problems we should forsee when we revoke the DC

certificates?

 

We cannot use the DigiCert certicates on our DC as they are for a different

domain name.

 

Any help or comments would be appreciated.

 

Thanks

 

Ninon

  • Replies 4
  • Created
  • Last Reply

Popular Days

Popular Days

Guest Ryan Hanisco

Guest Ryan Hanisco

Posted
Posted

RE: Certificate Authority

 

The domain controllers will complain about this if you let them sit for a

long time -- the expiration period of the certs. Make sure you bring another

enterprise cert up and that the DCs all register with the new AD Integrated

Enterprise CA.

--

Ryan Hanisco

MCSE, MCTS: SQL 2005, Project+

http://www.techsterity.com

Chicago, IL

 

Remember: Marking helpful answers helps everyone find the info they need

quickly.

 

 

"Ninon Chassé" wrote:

> Hi,

>

> We need to decommission a server that running certificate services and

> planning on following MS KB889250.

>

> http://support.microsoft.com/kb/889250

>

> We use the MS Certificate Authority to issue certificates to our domain

> controllers; all external facing applications are using DigiCert issued

> certificates. Are there any problems we should forsee when we revoke the DC

> certificates?

>

> We cannot use the DigiCert certicates on our DC as they are for a different

> domain name.

>

> Any help or comments would be appreciated.

>

> Thanks

>

> Ninon

>

>

Guest Ninon Chassé

Guest Ninon Chassé

Posted
Posted

Re: Certificate Authority

 

Thank you Ryan,

 

One more question, does it matter if the name of new AD Integrated Enteprise

CA is not the same as the old one? I hope it doesn't has we're very limited

with server hardware.

 

Thanks again

 

Ninon

 

 

"Ryan Hanisco" <RyanHanisco@discussions.microsoft.com> wrote in message

news:124DBDDD-6381-4412-83C2-F8A3FF750D9E@microsoft.com...

> The domain controllers will complain about this if you let them sit for a

> long time -- the expiration period of the certs. Make sure you bring

> another

> enterprise cert up and that the DCs all register with the new AD

> Integrated

> Enterprise CA.

> --

> Ryan Hanisco

> MCSE, MCTS: SQL 2005, Project+

> http://www.techsterity.com

> Chicago, IL

>

> Remember: Marking helpful answers helps everyone find the info they need

> quickly.

>

>

> "Ninon Chassé" wrote:

>

>> Hi,

>>

>> We need to decommission a server that running certificate services and

>> planning on following MS KB889250.

>>

>> http://support.microsoft.com/kb/889250

>>

>> We use the MS Certificate Authority to issue certificates to our domain

>> controllers; all external facing applications are using DigiCert issued

>> certificates. Are there any problems we should forsee when we revoke the

>> DC

>> certificates?

>>

>> We cannot use the DigiCert certicates on our DC as they are for a

>> different

>> domain name.

>>

>> Any help or comments would be appreciated.

>>

>> Thanks

>>

>> Ninon

>>

>>

Guest Ryan Hanisco

Guest Ryan Hanisco

Posted
Posted

Re: Certificate Authority

 

No, but you may have to force enrollment if something goes wrong. It doesn't

usually, but it is good to watch to be sure.

--

Ryan Hanisco

MCSE, MCTS: SQL 2005, Project+

http://www.techsterity.com

Chicago, IL

 

Remember: Marking helpful answers helps everyone find the info they need

quickly.

 

 

"Ninon Chassé" wrote:

> Thank you Ryan,

>

> One more question, does it matter if the name of new AD Integrated Enteprise

> CA is not the same as the old one? I hope it doesn't has we're very limited

> with server hardware.

>

> Thanks again

>

> Ninon

>

>

> "Ryan Hanisco" <RyanHanisco@discussions.microsoft.com> wrote in message

> news:124DBDDD-6381-4412-83C2-F8A3FF750D9E@microsoft.com...

> > The domain controllers will complain about this if you let them sit for a

> > long time -- the expiration period of the certs. Make sure you bring

> > another

> > enterprise cert up and that the DCs all register with the new AD

> > Integrated

> > Enterprise CA.

> > --

> > Ryan Hanisco

> > MCSE, MCTS: SQL 2005, Project+

> > http://www.techsterity.com

> > Chicago, IL

> >

> > Remember: Marking helpful answers helps everyone find the info they need

> > quickly.

> >

> >

> > "Ninon Chassé" wrote:

> >

> >> Hi,

> >>

> >> We need to decommission a server that running certificate services and

> >> planning on following MS KB889250.

> >>

> >> http://support.microsoft.com/kb/889250

> >>

> >> We use the MS Certificate Authority to issue certificates to our domain

> >> controllers; all external facing applications are using DigiCert issued

> >> certificates. Are there any problems we should forsee when we revoke the

> >> DC

> >> certificates?

> >>

> >> We cannot use the DigiCert certicates on our DC as they are for a

> >> different

> >> domain name.

> >>

> >> Any help or comments would be appreciated.

> >>

> >> Thanks

> >>

> >> Ninon

> >>

> >>

>

Guest Ninon Chassé

Guest Ninon Chassé

Posted
Posted

Re: Certificate Authority

 

Thank you Ryan!

 

I'll make sure to watch out for this.

 

Thanks again

 

Ninon

 

"Ryan Hanisco" <RyanHanisco@discussions.microsoft.com> wrote in message

news:435F0BA0-59CE-4FB4-8AF0-26E76111F5D6@microsoft.com...

> No, but you may have to force enrollment if something goes wrong. It

> doesn't

> usually, but it is good to watch to be sure.

> --

> Ryan Hanisco

> MCSE, MCTS: SQL 2005, Project+

> http://www.techsterity.com

> Chicago, IL

>

> Remember: Marking helpful answers helps everyone find the info they need

> quickly.

>

>

> "Ninon Chassé" wrote:

>

>> Thank you Ryan,

>>

>> One more question, does it matter if the name of new AD Integrated

>> Enteprise

>> CA is not the same as the old one? I hope it doesn't has we're very

>> limited

>> with server hardware.

>>

>> Thanks again

>>

>> Ninon

>>

>>

>> "Ryan Hanisco" <RyanHanisco@discussions.microsoft.com> wrote in message

>> news:124DBDDD-6381-4412-83C2-F8A3FF750D9E@microsoft.com...

>> > The domain controllers will complain about this if you let them sit for

>> > a

>> > long time -- the expiration period of the certs. Make sure you bring

>> > another

>> > enterprise cert up and that the DCs all register with the new AD

>> > Integrated

>> > Enterprise CA.

>> > --

>> > Ryan Hanisco

>> > MCSE, MCTS: SQL 2005, Project+

>> > http://www.techsterity.com

>> > Chicago, IL

>> >

>> > Remember: Marking helpful answers helps everyone find the info they

>> > need

>> > quickly.

>> >

>> >

>> > "Ninon Chassé" wrote:

>> >

>> >> Hi,

>> >>

>> >> We need to decommission a server that running certificate services and

>> >> planning on following MS KB889250.

>> >>

>> >> http://support.microsoft.com/kb/889250

>> >>

>> >> We use the MS Certificate Authority to issue certificates to our

>> >> domain

>> >> controllers; all external facing applications are using DigiCert

>> >> issued

>> >> certificates. Are there any problems we should forsee when we revoke

>> >> the

>> >> DC

>> >> certificates?

>> >>

>> >> We cannot use the DigiCert certicates on our DC as they are for a

>> >> different

>> >> domain name.

>> >>

>> >> Any help or comments would be appreciated.

>> >>

>> >> Thanks

>> >>

>> >> Ninon

>> >>

>> >>

>>

 Share
Go to topic listing
×
×
  • Create New...