DC Certificate Questions
Hello, I suggest you use one of these, they are more related to your question:
http://www.microsoft.com/communities/newsgroups/list/en-us/default.aspx?dg=microsoft.public.windows.server.security
or
http://social.technet.microsoft.com/Forums/en-US/winserversecurity/threads
Best regards, Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
July 20th, 2009 1:51am

Running Server 2008, I was wondering if the following is normal:
I have a certificate in the Trusted Root Cert Auth that has the DC's FQDN.
It is present in both Computer and User level.
It is not pushed down to the clients in the domain.
I cannot export the cert with the private key; when I try to export the key, it says it is not found (although the cert reports that I have a private key).
It is issued TO and BY the same FQDN.
It is NOT present in any Personal store.
I am wondering if this is all normal. What is the cert used for if I can't put it in the Personal store? Am I supposed to have this or a similar cert in the Computer Personal store? All I have in the Computer Personal store is WMSvc-ComputerName. Is that okay? Thanks.
July 20th, 2009 3:51am

Hi, Based on your description, I believe that this is a Root CA (self-signed) certificate. It is normal that it is placed in the Trusted Root Certification Authority store rather than the personal store. That means the computer/user trusts all certificates issued by this CA. As Meinolf stated, you can post CA-related issues to the Security forum in future: http://social.technet.microsoft.com/Forums/en-US/winserversecurity/threads Thanks.
July 21st, 2009 2:18pm

Hi, Based on your description, I believe that this is a Root CA (self-signed) certificate. It is normal that it is placed in the Trusted Root Certification Authority store rather than the personal store. That means the computer/user trusts all certificates issued by this CA. Thanks.
July 22nd, 2009 11:34am

I do not have a CA installed on the DC or elsewhere. I used to, but removed it and its associated Root Certificate (it was named differently than the computer name). I went through a CA cleanup doc that I found on the web. All traces of the previous CA should be gone. How come I can't export the cert + private key (says private key is not found in the export wizard)?
July 22nd, 2009 6:33pm

Hi, When you installed the enterprise CA, its certificate was automatically imported to the Trusted Root Certification Authority store on the computer. The certificate was imported in order for the computer to trust all the certificates issued by this CA. It was imported without its associated private key. Therefore, you cannot export the certificate with private key from this store. Thanks.
July 23rd, 2009 9:49am

I saw this cert in question and the CA cert in the Trusted Root. I got rid of the CA cert when I removed the CA. This cert doesn't have the same name as the CA and it wasn't issued by the name of the CA (when I had it installed). This is why I question it. Also, my CA cert WAS pushed to clients, this one is NOT. Is it still safe to get rid of it?
July 23rd, 2009 5:15pm

Yes!
July 23rd, 2009 6:51pm
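
A read-only way to inventory the kind of certificate discussed in this thread before deciding whether to remove it, as an added example that is not part of the original posts: it lists self-signed entries (issued to and by the same name) in the Computer and User Trusted Root stores whose subject contains the DC's FQDN, and shows whether a private key is reported, whether it can actually be opened, and whether the same certificate is in the Computer Personal store. The function name `Get-SelfSignedRootReport` and its `-NameFilter` parameter are hypothetical, and the FQDN lookup assumes the script runs on the DC itself.

```powershell
# Added example: read-only inventory; nothing is changed or deleted.
# Assumption: the DC's FQDN is derived from the local computer name.
$fqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName

function Get-SelfSignedRootReport {
    param([string]$NameFilter)

    # Thumbprints present in the Computer Personal store, for cross-reference.
    $personal = @(Get-ChildItem 'Cert:\LocalMachine\My' |
        ForEach-Object { $_.Thumbprint })

    foreach ($store in 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root') {
        Get-ChildItem $store |
            Where-Object { $_.Subject -eq $_.Issuer -and
                           $_.Subject -like "*$NameFilter*" } |
            ForEach-Object {
                $cert = $_
                # HasPrivateKey says the store entry references a key;
                # opening the key shows whether it can actually be reached.
                $keyReachable = $false
                if ($cert.HasPrivateKey) {
                    try   { $keyReachable = ($null -ne $cert.PrivateKey) }
                    catch { $keyReachable = $false }
                }
                New-Object PSObject -Property @{
                    Store         = $store
                    Subject       = $cert.Subject
                    Thumbprint    = $cert.Thumbprint
                    NotAfter      = $cert.NotAfter
                    HasPrivateKey = $cert.HasPrivateKey
                    KeyReachable  = $keyReachable
                    InPersonal    = ($personal -contains $cert.Thumbprint)
                }
            }
    }
}

Get-SelfSignedRootReport -NameFilter $fqdn |
    Select-Object Store, Subject, Thumbprint, NotAfter,
                  HasPrivateKey, KeyReachable, InPersonal |
    Format-List
```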

This topic is archived. No further replies will be accepted.
