How to revoke certificates if whole PKI is down?
I have Root CA and issuing CA installed in my domain. Is there a way to revoke all issued certificates if both CA services are down? How to completly remove whole PKI and corresponding certificates to start from zero and what will happen to client's if I do that? Thanks
February 17th, 2011 6:32am

1) no, it is not possible 2) if you wish to decomission old PKI follow these instructions: http://support.microsoft.com/kb/889250/http://en-us.sysadmins.lv
Free Windows Admin Tool Kit Click here and download it now
February 17th, 2011 6:44am

Will client's eventually start to enroll new certificates after installation of new pki is done or there is something I need to do? I am relatively new to this area so I don't wanna miss something. Thanks
February 17th, 2011 7:12am

Adding to Vadims answer, you will have to redeploy *all* certificates in the environment Brian
Free Windows Admin Tool Kit Click here and download it now
February 17th, 2011 7:59am

Can you be more specific? What do you mean by that? Do you mean certificates that I created by myself? Thanks
February 17th, 2011 9:20am

Can you be more specific? What do you mean by that? Do you mean certificates that I created by myself? Thanks all certificates were issued by previous PKI.http://en-us.sysadmins.lv
Free Windows Admin Tool Kit Click here and download it now
February 17th, 2011 9:38am

What will happen with certificates for Servers,computers, users e.t.c?. Will they be recreated by themselves after old certificates that i couldn't revoke expire? Thanks
February 17th, 2011 10:04am

When you deploy new PKI you will have to enable Autoenrollment. Autoenrollment will replace user and computer certificates as defined in autoenrollment policy.http://en-us.sysadmins.lv
Free Windows Admin Tool Kit Click here and download it now
February 17th, 2011 11:10am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics