Hi Support,
We have a Win2008 enterprise CA1 which generates certificates for our internal applications in our domain. We also set up another Win2016 enterprise CA2, which is used to generate certificates for some web applications only. Both of them published the root certificate to domain clients and have auto-enrolment enabled so systems can renew certificates automatically.
After a few months, we found that some internal applications generate certificates from CA2, not CA1.
First, how can we prevent internal domain applications from generating certificates from CA2? Or force applications to work with the target CA only?
Second, for those systems with certificates auto-generated by CA2, is there any workaround that can force the systems to re-generate the certificates in CA1?
Thanks
Chong