Certificate Authority

  • Thread starter Thread starter Ninon Chassé
  • Start date Start date
N

Ninon Chassé

Hi,

We need to decommission a server that running certificate services and
planning on following MS KB889250.

http://support.microsoft.com/kb/889250

We use the MS Certificate Authority to issue certificates to our domain
controllers all external facing applications are using DigiCert issued
certificates. Are there any problems we should forsee when we revoke the DC
certificates?

We cannot use the DigiCert certicates on our DC as they are for a different
domain name.

Any help or comments would be appreciated.

Thanks

Ninon
 
The domain controllers will complain about this if you let them sit for a
long time -- the expiration period of the certs. Make sure you bring another
enterprise cert up and that the DCs all register with the new AD Integrated
Enterprise CA.
--
Ryan Hanisco
MCSE, MCTS: SQL 2005, Project+
http://www.techsterity.com
Chicago, IL

Remember: Marking helpful answers helps everyone find the info they need
quickly.


"Ninon Chassé" wrote:

> Hi,
>
> We need to decommission a server that running certificate services and
> planning on following MS KB889250.
>
> http://support.microsoft.com/kb/889250
>
> We use the MS Certificate Authority to issue certificates to our domain
> controllers all external facing applications are using DigiCert issued
> certificates. Are there any problems we should forsee when we revoke the DC
> certificates?
>
> We cannot use the DigiCert certicates on our DC as they are for a different
> domain name.
>
> Any help or comments would be appreciated.
>
> Thanks
>
> Ninon
>
>
 
Thank you Ryan,

One more question, does it matter if the name of new AD Integrated Enteprise
CA is not the same as the old one? I hope it doesn't has we're very limited
with server hardware.

Thanks again

Ninon


"Ryan Hanisco" <RyanHanisco@discussions.microsoft.com> wrote in message
news:124DBDDD-6381-4412-83C2-F8A3FF750D9E@microsoft.com...
> The domain controllers will complain about this if you let them sit for a
> long time -- the expiration period of the certs. Make sure you bring
> another
> enterprise cert up and that the DCs all register with the new AD
> Integrated
> Enterprise CA.
> --
> Ryan Hanisco
> MCSE, MCTS: SQL 2005, Project+
> http://www.techsterity.com
> Chicago, IL
>
> Remember: Marking helpful answers helps everyone find the info they need
> quickly.
>
>
> "Ninon Chassé" wrote:
>
>> Hi,
>>
>> We need to decommission a server that running certificate services and
>> planning on following MS KB889250.
>>
>> http://support.microsoft.com/kb/889250
>>
>> We use the MS Certificate Authority to issue certificates to our domain
>> controllers all external facing applications are using DigiCert issued
>> certificates. Are there any problems we should forsee when we revoke the
>> DC
>> certificates?
>>
>> We cannot use the DigiCert certicates on our DC as they are for a
>> different
>> domain name.
>>
>> Any help or comments would be appreciated.
>>
>> Thanks
>>
>> Ninon
>>
>>
 
No, but you may have to force enrollment if something goes wrong. It doesn't
usually, but it is good to watch to be sure.
--
Ryan Hanisco
MCSE, MCTS: SQL 2005, Project+
http://www.techsterity.com
Chicago, IL

Remember: Marking helpful answers helps everyone find the info they need
quickly.


"Ninon Chassé" wrote:

> Thank you Ryan,
>
> One more question, does it matter if the name of new AD Integrated Enteprise
> CA is not the same as the old one? I hope it doesn't has we're very limited
> with server hardware.
>
> Thanks again
>
> Ninon
>
>
> "Ryan Hanisco" <RyanHanisco@discussions.microsoft.com> wrote in message
> news:124DBDDD-6381-4412-83C2-F8A3FF750D9E@microsoft.com...
> > The domain controllers will complain about this if you let them sit for a
> > long time -- the expiration period of the certs. Make sure you bring
> > another
> > enterprise cert up and that the DCs all register with the new AD
> > Integrated
> > Enterprise CA.
> > --
> > Ryan Hanisco
> > MCSE, MCTS: SQL 2005, Project+
> > http://www.techsterity.com
> > Chicago, IL
> >
> > Remember: Marking helpful answers helps everyone find the info they need
> > quickly.
> >
> >
> > "Ninon Chassé" wrote:
> >
> >> Hi,
> >>
> >> We need to decommission a server that running certificate services and
> >> planning on following MS KB889250.
> >>
> >> http://support.microsoft.com/kb/889250
> >>
> >> We use the MS Certificate Authority to issue certificates to our domain
> >> controllers all external facing applications are using DigiCert issued
> >> certificates. Are there any problems we should forsee when we revoke the
> >> DC
> >> certificates?
> >>
> >> We cannot use the DigiCert certicates on our DC as they are for a
> >> different
> >> domain name.
> >>
> >> Any help or comments would be appreciated.
> >>
> >> Thanks
> >>
> >> Ninon
> >>
> >>
>
 
Thank you Ryan!

I'll make sure to watch out for this.

Thanks again

Ninon

"Ryan Hanisco" <RyanHanisco@discussions.microsoft.com> wrote in message
news:435F0BA0-59CE-4FB4-8AF0-26E76111F5D6@microsoft.com...
> No, but you may have to force enrollment if something goes wrong. It
> doesn't
> usually, but it is good to watch to be sure.
> --
> Ryan Hanisco
> MCSE, MCTS: SQL 2005, Project+
> http://www.techsterity.com
> Chicago, IL
>
> Remember: Marking helpful answers helps everyone find the info they need
> quickly.
>
>
> "Ninon Chassé" wrote:
>
>> Thank you Ryan,
>>
>> One more question, does it matter if the name of new AD Integrated
>> Enteprise
>> CA is not the same as the old one? I hope it doesn't has we're very
>> limited
>> with server hardware.
>>
>> Thanks again
>>
>> Ninon
>>
>>
>> "Ryan Hanisco" <RyanHanisco@discussions.microsoft.com> wrote in message
>> news:124DBDDD-6381-4412-83C2-F8A3FF750D9E@microsoft.com...
>> > The domain controllers will complain about this if you let them sit for
>> > a
>> > long time -- the expiration period of the certs. Make sure you bring
>> > another
>> > enterprise cert up and that the DCs all register with the new AD
>> > Integrated
>> > Enterprise CA.
>> > --
>> > Ryan Hanisco
>> > MCSE, MCTS: SQL 2005, Project+
>> > http://www.techsterity.com
>> > Chicago, IL
>> >
>> > Remember: Marking helpful answers helps everyone find the info they
>> > need
>> > quickly.
>> >
>> >
>> > "Ninon Chassé" wrote:
>> >
>> >> Hi,
>> >>
>> >> We need to decommission a server that running certificate services and
>> >> planning on following MS KB889250.
>> >>
>> >> http://support.microsoft.com/kb/889250
>> >>
>> >> We use the MS Certificate Authority to issue certificates to our
>> >> domain
>> >> controllers all external facing applications are using DigiCert
>> >> issued
>> >> certificates. Are there any problems we should forsee when we revoke
>> >> the
>> >> DC
>> >> certificates?
>> >>
>> >> We cannot use the DigiCert certicates on our DC as they are for a
>> >> different
>> >> domain name.
>> >>
>> >> Any help or comments would be appreciated.
>> >>
>> >> Thanks
>> >>
>> >> Ninon
>> >>
>> >>
>>
 
Back
Top