Do you plan to stand up another CA (or already have another CA in the environment)?
If so, removing the existing CA is not going to break anything (as the issued certs will still be valid), provided that nothing is relying on the CRL (or you have the CRL published somewhere else). You can issue new certs from the alternate CA that you have. Cheers Ken From: David Lum [mailto:david....@nwea.org] Sent: Tuesday, 20 November 2012 9:15 AM To: NT System Admin Issues Subject: RE: Certificate server operation You'll love this - nobody knows for sure. No smartcards for sure, but LDAPS..? Any way to audit something to find out? From: Free, Bob [mailto:r...@pge.com] Sent: Monday, November 19, 2012 1:44 PM To: NT System Admin Issues Subject: RE: Certificate server operation It <perhaps also> means that applications <dependent> on the DCs may be dependent on those certificates. Use any apps doing LDAPS to your DCs? Smartcards? etc... From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Monday, November 19, 2012 12:30 PM To: NT System Admin Issues Subject: RE: Certificate server operation It means that applications on the DCs may be dependent on those certificates. From: David Lum [mailto:david....@nwea.org] Sent: Monday, November 19, 2012 12:44 PM To: NT System Admin Issues Subject: RE: Certificate server operation The only non-expired ones use the "Domain Controller" template and are handed out to the other DC's in the same domain, what does that tell us? There are none in "pending" either. From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Monday, November 19, 2012 8:06 AM To: NT System Admin Issues Subject: RE: Certificate server operation You look at the Certificate Authority MMC and see what certificates it has issued. From: David Lum [mailto:david....@nwea.org] Sent: Monday, November 19, 2012 10:57 AM To: NT System Admin Issues Subject: Certificate server operation Is there any way to see if a Certificate Authority is actually being used and servicing requests? I have a DC that's also a CA and I would like to know if it's actually being used as a CA (if yes, I need to move it) or if I can just remove the CA from this box and then DCPROMO it out of existence. David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ________________________________ PG&E is committed to protecting our customers' privacy. To learn more, please visit http://www.pge.com/about/company/privacy/customer/ ________________________________ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
