New Subordonate Enterprise CA Started Issuing User Certs Automatically

I am in the process of setting up a new PKI with a new offline root CA and one enterprise sub ca.  I haven't finished configuring it and have not set up any custom templates yet or set up any group policies for autorenrollment or issuing certificates from the server.

Our old PKI is still running.  We plan to decommission it and migrate everything to the new PKI next week.

I looked in the MMC of the new CA and see that there is already one certificate issued for EFS for one user.

How can I stop this new CA from automatically issuing any more certificates before the configuration is complete?

I would also like to stop the old CA from issuing new certificates so there is less to migrate next week.

This is a new PKI; the keys from the old server are not moving over to new servers.



  • Edited by MyGposts 10 hours 15 minutes ago
May 21st, 2015 4:53pm

When you installed, the CAPolicy.inf should have had the line

loadDefaultTemplates=0

Since you did not includes this line, go to the Certification Authority console

In the Certificate Templates container, delete the default list of certificate templates

Go to issued certificates, and then revoke all issued certificates

Brian

Free Windows Admin Tool Kit Click here and download it now
May 21st, 2015 9:43pm

I did not use any inf file.  I configured all of it using the GUI.

There was only one certificate issued.  I stopped the certificate service using the mmc as a temporary workaround until I can find out of to change this.

  • Edited by MyGposts 1 hour 49 minutes ago
May 22nd, 2015 1:19am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics