AD CS Expired Root CA

bizcntradmin 191 Reputation points
2020-08-02T07:02:15.56+00:00

We have a 2-tier PKI environment. Every time I add a server to the domain, 2 expired root certificates appear in the Intermediate CA store of the new server.

One has the certificate template Cross Certification Authority and the other has the Root Certification template; both are expired.

We previously had a cross-certification to another PKI, but it has already been decommissioned.

I would like to know how to stop new computers from getting that certificate, and is there a way to clean up the prod server that has that expired certificate?


Accepted answer
  1. Didier3001 976 Reputation points Microsoft Employee
    2020-08-02T08:15:42.313+00:00

    Hi

    Did you look at the GPO targeting these computers that receive the certs?

    Distribute Certificates to Client Computers by Using Group Policy

    On one of the computers that receives the certs, I would run gpresult /h from an elevated command prompt and look at the generated HTML output.

    --I hope this helps. Please Accept it as an answer and "Up-Vote" the answer or message(s) that helped you so that it can help others in the community looking for help on similar topics

    Regards,
    Didier3001
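
A complementary check to the gpresult report suggested above, as an added example that is not part of the original answer: it lists the expired certificates in the local Intermediate CA store and reports which physical store (Group Policy, Enterprise, or local registry) holds each one. The function name Get-ExpiredIntermediateCert is hypothetical; the registry paths are the standard Windows locations of those physical stores.

```powershell
# Added example (not from the original thread). Run in an elevated session on an affected server.
function Get-ExpiredIntermediateCert {
    [CmdletBinding()]
    param([datetime]$AsOf = (Get-Date))

    # Physical stores behind the "Intermediate Certification Authorities" (CA) logical store.
    $physicalStores = [ordered]@{
        GroupPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates'
        Enterprise  = 'HKLM:\SOFTWARE\Microsoft\EnterpriseCertificates\CA\Certificates'   # published from Active Directory
        Registry    = 'HKLM:\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates'       # added locally
    }

    Get-ChildItem -Path Cert:\LocalMachine\CA |
        Where-Object { $_.NotAfter -lt $AsOf } |
        ForEach-Object {
            $cert = $_

            # Each physical store keeps one registry key per certificate, named by thumbprint.
            $sources = foreach ($name in $physicalStores.Keys) {
                $key = Join-Path $physicalStores[$name] $cert.Thumbprint
                if (Test-Path -LiteralPath $key) { $name }
            }

            # V1 certificate template name extension, if present (helps tell the two certificates apart).
            $tmpl = $cert.Extensions | Where-Object { $_.Oid.Value -eq '1.3.6.1.4.1.311.20.2' }

            [pscustomobject]@{
                Subject    = $cert.Subject
                Issuer     = $cert.Issuer
                SelfSigned = ($cert.Subject -eq $cert.Issuer)
                Template   = if ($tmpl) { $tmpl.Format($false) } else { '' }
                NotAfter   = $cert.NotAfter
                Thumbprint = $cert.Thumbprint
                Source     = if ($sources) { $sources -join ',' } else { 'Unknown' }
            }
        }
}

Get-ExpiredIntermediateCert | Sort-Object Source, NotAfter | Format-List
```

A Source of GroupPolicy should match a GPO visible in the gpresult report; a Source of Enterprise means the certificate is being published from Active Directory rather than delivered by a GPO setting.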
