Announcement

Collapse
No announcement yet.

Certificate Services

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Certificate Services

    I installed CA to create a SSL for IIS. If I remove Certification Authority will that nullify my SSL certificate already created? Will that take down https?

  • #2
    Re: Certificate Services

    It would obviously take down your https. You could still make it work till ur certificate expires by adding your Root CA ceritificate in the machine's local Certificate store. That way ur certification path would be valid and the certificate would work till the expiry date.
    The Never Ending Loop of User Rights
    START
    Q. Why is Windows so insecure?
    A. Because everyone runs as Administrator.
    Q. Why does everyone run as Administrator (even when they know better)?
    A. Because they don't understand security and are afraid they will be prevented from doing things.
    Q. Why don't they understand security?
    A. Because they run as Administrator, bypassing all security.
    LOOP TO START

    Comment


    • #3
      Re: Certificate Services

      where is the local certificate store located?

      Comment


      • #4
        Re: Certificate Services

        You can use the certificates mmc and access the local machine's certificate store. In your SSL certificate's properties, you can use the certification path to trace back to the Root Certificate belonging to the root CA. You can then use the option to save it to file and create a .cer file. You can import this certificate to your Trust Root Authorities. Once this is done your SSL certificate's validity wouldnt be checked and it will work till it expires.
        The Never Ending Loop of User Rights
        START
        Q. Why is Windows so insecure?
        A. Because everyone runs as Administrator.
        Q. Why does everyone run as Administrator (even when they know better)?
        A. Because they don't understand security and are afraid they will be prevented from doing things.
        Q. Why don't they understand security?
        A. Because they run as Administrator, bypassing all security.
        LOOP TO START

        Comment


        • #5
          Re: Certificate Services

          why do you want to remove the CA????
          I don't see the logic for such action.
          Marcel
          Technical Consultant
          Netherlands
          http://www.phetios.com
          http://blog.nessus.nl

          MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
          "No matter how secure, there is always the human factor."

          "Enjoy life today, tomorrow may never come."
          "If you're going through hell, keep going. ~Winston Churchill"

          Comment


          • #6
            Re: Certificate Services

            Originally posted by louisvillecat View Post
            I installed CA to create a SSL for IIS. If I remove Certification Authority will that nullify my SSL certificate already created? Will that take down https?
            It will nullify your ssl once you remove the CA. U cant use https then

            Comment


            • #7
              Re: Certificate Services

              Originally posted by Dumber View Post
              why do you want to remove the CA????
              I don't see the logic for such action.
              I want to migrate AD to another server.

              Comment


              • #8
                Re: Certificate Services

                Originally posted by abhi_admin View Post
                It will nullify your ssl once you remove the CA. U cant use https then
                No, it will not. The only implication is that the CRL (Certificate Revokation List) paths will not be available, and some SSL clients will complain about it.
                When a client establishes an SSL session, it does not contact the CA that issued the cert. Just google for "offline root CA" - this is actually a common practice for securing CA infrastructure.
                Guy Teverovsky
                "Smith & Wesson - the original point and click interface"

                Comment


                • #9
                  Re: Certificate Services

                  Your work will not be effected by this except users might get few warnings Pop-Ups while accessing the site. Simply need to OK that.

                  The only problem you will face during renewal of this certificate but as you have already mentioned that you are removing CA due to migration so it indicates that you will get a new CA once you complete the migration. So you can get a new certificate from the new CA once that will come into production.
                  Kapil Sharma
                  ~~~~~~~~~~~~~
                  Life is too short, Enjoy It.

                  Comment

                  Working...
                  X