michielhimpens-0081 asked cthivierge answered

remove old domain certificates

Hi

I have this setup for a customer: 2 DCs + 1 server with AD CS (enterprise root CA). After installing AD CS I noticed DC01 got a domain controller certificate. After a while, DC02 still has not. On DC02 I see there is already a DC02.domain.local domain controller certificate issued by an old CA in the domain. I guess this was not cleaned up in the proper way; the role is not installed anymore on the specific server.

Can I just delete the certificate (not expired yet) from DC02 so it will get a new certificate from the new CA?

Thanks in advance

windows-server-security

1 Answer

cthivierge answered

Well, if your old CA is no longer available and you only use the new CA, then you could delete the old certificate from DC02 and then it should be able to get a new certificate from the new CA.

hth
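
Added example, not part of the original question or answer: one way to carry out the cleanup described above on DC02 from an elevated PowerShell prompt. The CA name and backup folder are placeholders to replace with your own values, and the script assumes the new CA issues the domain controller certificate through autoenrollment, as it did for DC01.

```powershell
# Added example. $OldCaName is a placeholder: set it to the common name of the
# retired CA exactly as it appears in the Issuer field of the stale certificate.
$OldCaName = '<OLD-CA-COMMON-NAME>'
$BackupDir = 'C:\Temp\old-dc-certs'   # assumed path, change as needed

# 1. Inventory the computer's personal store and show who issued each certificate.
$certs = Get-ChildItem -Path Cert:\LocalMachine\My
$certs | Sort-Object NotAfter |
    Format-Table Subject, Issuer, NotAfter, Thumbprint -AutoSize

# 2. Select only certificates whose issuer CN matches the retired CA.
$pattern = "CN=$([regex]::Escape($OldCaName))(,|$)"
$stale = $certs | Where-Object { $_.Issuer -match $pattern }
if (-not $stale) {
    Write-Host "No certificates issued by '$OldCaName' found; nothing to do."
    return
}

# 3. Keep a copy of each public certificate for the record, then remove it.
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
foreach ($cert in $stale) {
    $file = Join-Path $BackupDir "$($cert.Thumbprint).cer"
    Export-Certificate -Cert $cert -FilePath $file | Out-Null
    # -WhatIf only reports what would be deleted. Drop it once the list from
    # step 2 contains nothing but the old CA's certificate(s).
    Remove-Item -Path "Cert:\LocalMachine\My\$($cert.Thumbprint)" -WhatIf
}

# 4. Trigger autoenrollment instead of waiting for the next cycle.
certutil -pulse

# 5. List the store again; the new certificate can take a short while to
#    appear, so re-run this step if the Issuer column still shows no new CA entry.
Get-ChildItem -Path Cert:\LocalMachine\My |
    Format-Table Subject, Issuer, NotBefore, Thumbprint -AutoSize
```

The exported `.cer` files hold only the public certificate, not the private key, so they serve as a record of what was removed rather than a way to restore it.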
