Re: Cert Server - Changed Enterprise CA

How do I have them do that?

Can I put it in the Login Script for the Domain?

Thank you,
"Vincent Xu [MSFT]" <v-xuwen@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:WOcuY4FhGHA.5608@xxxxxxxxxxxxxxxxxxxxxxxx
Hi Scott,

Of course you need to have the PCs/Servers request a new Cert from the
new
CA

Thanks.

Best regards,

Vincent Xu
Microsoft Online Partner Support

======================================================
Get Secure! - www.microsoft.com/security

======================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others
may learn and benefit from this issue.
======================================================
This posting is provided "AS IS" with no warranties,and confers no rights.
======================================================



--------------------
From: "Scott Townsend" <scooter@xxxxxxxxxxxxxxxx>
Subject: Cert Server - Changed Enterprise CA
Date: Tue, 30 May 2006 11:57:18 -0700
Lines: 19
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2900.2869
X-RFC2646: Format=Flowed; Original
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2869
Message-ID: <u0qmgrBhGHA.1520@xxxxxxxxxxxxxxxxxxxx>
Newsgroups: microsoft.public.win2000.active_directory
NNTP-Posting-Host: 204-145-245-49.enm.com 204.145.245.49
Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP03.phx.gbl
Xref: TK2MSFTNGXA01.phx.gbl
microsoft.public.win2000.active_directory:114022
X-Tomcat-NG: microsoft.public.win2000.active_directory

We had some issues with one of our DCs and with MS Support's Advice we
had
to demote it, which involved removing the Enterprise Root CA that was on
it.
I installed a new Enterprise Root CA on a new DC, though not sure that AD
is
happy.

I originally installed the CA to be used with our Cisco PIX and VPN
connections, though later found out that you could not use an Enterprise
Root and needed a Standalone Root. I just left the Enterprise Root there.
I
didn't think it was really used for anything. Though now I think it
might
have been.

The old cert server had Certs issued to each of the PCs/Servers in the
domain. How do I get the new Cert Server to issue new certs to the
PCs/Servers or have the PCs/Servers request a new Cert from the new CA?

Thanks,
Scott<-






.

Relevant Pages

  • Re: Address Book over LDAPS
    ... I use the "Enterprise standalone CA" mode. ... your users don't have to add a new root CA - they trust Verisign by default ... The certsrv service attaches the root CA cert to any certs created with the ...
    (microsoft.public.win2000.active_directory)
  • RE: Cert Server - Changed Enterprise CA
    ... Cert Server - Changed Enterprise CA ... Root and needed a Standalone Root. ... PCs/Servers or have the PCs/Servers request a new Cert from the new CA? ...
    (microsoft.public.win2000.active_directory)
  • Re: Trusted CA question
    ... The IIS box's fully qualified name is ... > don't really need a "trusted" verisign cert to assure anonymous ecommerce ... I just need SSL turned on to protect some data transmissions ... > for being the root and one for the site, and in the IIS manager I attached ...
    (microsoft.public.win2000.security)
  • Re: Change validatiy period of a Root certificate
    ... should not have either an AIA or a CDP URL in it" But when I go to install ... my subordinate stand alone CA it asks me for a Root CA to get it's cert from. ... I picks up my newly created standalone Root CA. ... certificate, copying the certificate to removable media and then installing ...
    (microsoft.public.security)
  • Re: Authenticate Computer account using PEAP MS-CHAPv2 on IAS 2k
    ... using a test root CA. IAS has a valid cert from the ... and clients have the root CA cert installed in the Local Computer Trusted ... authentication. ...
    (microsoft.public.internet.radius)