Scenario: a network device periodically switches to/from SSL and non-secure connections. When leaving secure mode it deletes all of its current certs (client, CA, CRL). When it goes back into secure mode it re-enrolls via SCEP to get a new client cert. It doesn't matter to us if the CA returns the original client cert again or returns a new one just as long as it works.
Question: Will ADCS NDES handle this ok? The network device isn't re-enrolling in the traditional sense because the previous client cert didn't expire. If that's a problem would it be possible for the network device to tell ADCS to revoke the original client cert first so that the new SCEP request would succeed? Our new system isn't running so I can't test it for myself yet. We're migrating from a different solution to Server 2008 R2. Thanks in advance for the help.
All Replies
You can use the Certification Authority snap-in to revoke a certificate, to administer certificate revocation list (CRL) publication, and to specify the CRL Distribution Points (CDPs) published in every certificate issued by the certification authority (CA).
Revoking certificates and publishing CRLs
TechNet Community Support
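As an added example (not from this thread or from Microsoft), here is how the revoke-then-republish step the reply describes could be scripted on the CA with the built-in `certutil`, so the old device certificate is revoked as "Superseded" and a fresh CRL is published before the device re-enrolls through SCEP; the device name `switch01.example.net`, the use of CA database disposition 20 for issued certificates, and the `Serial Number: "..."` row format parsed from `certutil -view` are assumptions.

```powershell
# Added example, not code from the original thread. Run on the ADCS CA with
# certificate-manager rights. Assumptions: Disposition=20 selects issued certs,
# and certutil -view prints one  Serial Number: "<hex>"  line per row.

function Get-IssuedDeviceSerials {
    param([Parameter(Mandatory)][string]$CommonName)
    # Restrict the CA database view to this device's CN and issued rows only,
    # and ask for just the serial number column.
    $rows = & certutil -view -restrict "CommonName=$CommonName,Disposition=20" -out "SerialNumber" 2>&1
    foreach ($line in $rows) {
        if ($line -match 'Serial Number:\s+"([0-9A-Fa-f]+)"') { $Matches[1] }
    }
}

function Revoke-SupersededDeviceCerts {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$CommonName)
    $serials = @(Get-IssuedDeviceSerials -CommonName $CommonName)
    if ($serials.Count -eq 0) {
        Write-Verbose "No issued certificates found for $CommonName"
        return @()
    }
    foreach ($serial in $serials) {
        if ($PSCmdlet.ShouldProcess("$CommonName ($serial)", "Revoke as Superseded")) {
            # Reason code 4 = Superseded: the device is about to receive a replacement.
            & certutil -revoke $serial 4 | Out-Null
            if ($LASTEXITCODE -ne 0) { throw "certutil -revoke failed for serial $serial" }
        }
    }
    if ($PSCmdlet.ShouldProcess("CA", "Publish new CRL")) {
        # Publish a new CRL to the CDPs so relying parties see the revocation
        # before the device's new certificate is in use.
        & certutil -crl | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "certutil -crl failed" }
    }
    return $serials
}

# Preview what would be revoked, then perform it (constructed device name).
Revoke-SupersededDeviceCerts -CommonName 'switch01.example.net' -WhatIf
Revoke-SupersededDeviceCerts -CommonName 'switch01.example.net' -Verbose
```

This runs on the CA side under an operator's account rather than being triggered by the device itself, which keeps the authority to revoke with the CA's certificate managers.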
Thank you for the reply. Can a network device issue a command to ADCS to revoke its own certificate remotely with no human involvement? If not, what will ADCS do if a network device tries to re-enroll when a valid certificate already exists? Will it simply give the existing certificate to the network device again?