Enroll for certificate on second CA
I have CA1 and this server needs to be removed this server also hosts other roles so i cant migrate the CA role
So i did the following:
0. let my domain joined windows 7 machine get a certificate from CA1
1 create new server CA2 and install CA Ent role
2 run the CA wizard with the new server name/common name etc CA2
3 remove all templates from CA1 (from Certificate Template container NOT the certificate templates console)
4 I have enabled the GPO - Automatic certificate request settings with Computer certificate
5 i have enabled GPO - certificate services client auto enrollment
6 reboot the windows 7 machine but im not getting a computer certificate
*reenrollment for cert holders option on the Computer certificate is not available because its unsupported not a v2 template?
How can i enforce the clients to get a new cert from the CA2 ?
August 9th, 2012 6:48am
Seems like a simple answer would be to duplicate the v1 template, make the new template v2, list the v1 template in the "Superseded Templates", and force re-enrollment of the older certificates.
Free Windows Admin Tool Kit Click here and download it now
August 9th, 2012 10:59am
Seems like a simple answer would be to duplicate the v1 template, make the new template v2, list the v1 template in the "Superseded Templates", and force re-enrollment of the older certificates.
August 9th, 2012 11:08am