R
Randy Smith
I have a Win2003 AD domain with an untrusted root CA (it is installed on a
DC) that I would like to remove. I have already built a new offline root CA
and online enterprise issuing CA in this domain. My DCs and ISA servers
(same machines) are not getting the domain controller certificates or ISA
certificates. I believe this is because of the existing untrusted
certificate already assigned to the computer account in AD but I'm not
positive. Both DCs (again ISA as well) are members of the Cert Publishers
security group. Do I need to remove the existing CA to get the domain
controller certificate from the new issuing CA to install correctly? If so,
what are the proper steps in removing the CA? There is only one certificate
that is still in use for this CA and it is for a test webserver.
Thanks for your help!
Randy Smith
DC) that I would like to remove. I have already built a new offline root CA
and online enterprise issuing CA in this domain. My DCs and ISA servers
(same machines) are not getting the domain controller certificates or ISA
certificates. I believe this is because of the existing untrusted
certificate already assigned to the computer account in AD but I'm not
positive. Both DCs (again ISA as well) are members of the Cert Publishers
security group. Do I need to remove the existing CA to get the domain
controller certificate from the new issuing CA to install correctly? If so,
what are the proper steps in removing the CA? There is only one certificate
that is still in use for this CA and it is for a test webserver.
Thanks for your help!
Randy Smith