No announcement yet.

2008R2 Domain with 2003 Enterprise ROOT CA

  • Filter
  • Time
  • Show
Clear All
new posts

  • 2008R2 Domain with 2003 Enterprise ROOT CA

    Hey Guys.

    I need to decomission old CA - I'm bricking it!!!! lol.......... I shouldn't be laughing if this goes wrong.......

    Ok, this CA was setup by myself years ago for the purpose of RPC over HTTPS(outlook) self-signed certificate for our users, the setup was fairly small. Over the years user count has grown some what, currently about 800 users for outlook. When migrating from Exchange 2003 to Exchange 2010 we purchased a proper wildcard certificate, therefore not requiring the self-singed cert anymore.

    Many moons have passed without a thought about the old Certificate Authority still running on an old server 2003 box.

    Having been asked to remove this server, I opened ADMINISTRATIVE TOOLS|Certification Authority. When I view ISSUED CERTIFICATES, I see many certs passed their expiration date...... and several which are not- these are the ones I need help with.

    The valid certs issued by this old CA are to users for Basic EFS and 1 for each DOMAIN CONTROLLER within my domain(7 dc's in 4 SITES).

    The issued certs for my domain controllers are shown like this: Domain Controller (Domain Controller)

    I'm worried that if I progress with decomissioning this CA I'll cock-up my authentication/logons/outlook/SQL/ etc.

    I have read some docs regarding CA removal, but wanted to get you guy's opinion on this.

    P.S This is an Enterprise ROOT CA - If I remember correctly.