I am in the process of setting up a new PKI with a new offline root CA and one enterprise sub ca. I haven't finished configuring it and have not set up any custom templates yet or set up any group policies for autorenrollment or issuing certificates from the server.
Our old PKI is still running. We plan to decommission it and migrate everything to the new PKI next week.
I looked in the MMC of the new CA and see that there is already one certificate issued for EFS for one user.
How can I stop this new CA from automatically issuing any more certificates before the configuration is complete?
I would also like to stop the old CA from issuing new certificates so there is less to migrate next week.
This is a new PKI; the keys from the old server are not moving over to new servers.
- Edited by MyGposts 10 hours 15 minutes ago