Sign in
 
HomeWindows Server 2012Windows Server 2008 R2Windows Server 2003LibraryForums
Windows Server TechCenter >
Certification Authority - Help Please

Proposed Answer Certification Authority - Help Please

  • Wednesday, May 16, 2012 10:14 AM
     
     
    Sign In to Vote
    0

    Hi,

    Right I may have abit of a problem, I have just checked our Certificate Authority server and we have had a certificate issued out to all of our machines. No one knows why!... This Cert wasn't there a week ago and shouldn't be there.

    Can this effect anything? no-one knows what this certificate authenticates against ("apart from a remote computer")

    What is the best way in removing this certificate from the clients? is it just a case of revoking the certificate?

    Sorry new to CA's so don't have much knowledge and new to the company which doesn't help.

    Also is there a way to see locally on the machine if the particular cert has been removed because all I can see is a cert from the CA server. no more details of the new cert?

    Thanks in advance.

    Mac

     

All Replies

  • Wednesday, May 16, 2012 8:21 PM
     
     
    Sign In to Vote
    0

    Certs are used for authentication.  I would check the security on your CA if people are issuing certs without approval. 

    You can revoke the cert if you don't need it.

    If the cert was issued to the computer you can use the Certificates MMC snapin for the local computer account and check under "Personal" the issued cert should be here.

     
  • Thursday, May 17, 2012 8:19 AM
     
     
    Sign In to Vote
    0

    Thanks for the reply, I have revoked the certs and I will be looking at the security of this server.

    I could not see the cert in the personal folder though by the way?

     
  • Monday, May 21, 2012 8:48 AM
    Moderator
     
     
    Sign In to Vote
    0

    Hello,

     

    Thank you for your post.

     

    This is a quick note to let you know that we are performing research on this issue.

     

    Best Regards

    Elytis Cheng

    Elytis Cheng

    TechNet Community Support

     
  • Tuesday, May 22, 2012 7:27 AM
     
     Proposed Answer
    Sign In to Vote
    0

    Hi,

    There are 2 types of certficate store. one for user and another one for computer.  so please check it from both stores.

    Best regards, Jason Mei Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    • Proposed As Answer by Jason Mei Monday, May 28, 2012 5:49 AM
    •  
     
  • Wednesday, May 30, 2012 8:25 AM
     
     
    Sign In to Vote
    0

    Hi,

    please send me an update on this issue. thanks !

    Best regards, Jason Mei Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.