Petri IT Knowledgebase Forums
 

Petri.co.il forums Home Forums Start Page Forums Frequently Asked Questions FAQ Member List Members List
Go Back   Petri IT Knowledgebase Forums > Microsoft Networking Services > Active Directory
Reload this Page

Certificate Services

Petri.co.il is happy to award auglan the title of Most Valuable Member !!!
Register Calendar Calendar Search Petri IT Knowledgebase Forums Search Todays Posts Today's Posts Mark Forums Read

Notices

Certificate Services

Certificate Services

this thread has 8 replies and has been viewed 1921 times

Closed Thread
 
Thread Tools Search this Thread Display Modes
  #1  
Old 4th October 2007, 22:09
louisvillecat's Avatar
louisvillecat louisvillecat is offline
Casual
Casual
  
 Join Date: Jun 2007
  6 month star 12 month star
 Posts: 56
 Reputation: louisvillecat is on a distinguished road (10)
Default Certificate Services
I installed CA to create a SSL for IIS. If I remove Certification Authority will that nullify my SSL certificate already created? Will that take down https?
  #2  
Old 5th October 2007, 23:12
murtuza_13's Avatar
murtuza_13 murtuza_13 is offline
Casual
Casual
  
 Join Date: Oct 2007
  6 month star 12 month star
 Posts: 17
 Reputation: murtuza_13 is on a distinguished road (16)
Default Re: Certificate Services
It would obviously take down your https. You could still make it work till ur certificate expires by adding your Root CA ceritificate in the machine's local Certificate store. That way ur certification path would be valid and the certificate would work till the expiry date.
  #3  
Old 9th October 2007, 05:32
louisvillecat's Avatar
louisvillecat louisvillecat is offline
Casual
Casual
  
 Join Date: Jun 2007
  6 month star 12 month star
 Posts: 56
 Reputation: louisvillecat is on a distinguished road (10)
Default Re: Certificate Services
where is the local certificate store located?
  #4  
Old 16th October 2007, 11:47
murtuza_13's Avatar
murtuza_13 murtuza_13 is offline
Casual
Casual
  
 Join Date: Oct 2007
  6 month star 12 month star
 Posts: 17
 Reputation: murtuza_13 is on a distinguished road (16)
Default Re: Certificate Services
You can use the certificates mmc and access the local machine's certificate store. In your SSL certificate's properties, you can use the certification path to trace back to the Root Certificate belonging to the root CA. You can then use the option to save it to file and create a .cer file. You can import this certificate to your Trust Root Authorities. Once this is done your SSL certificate's validity wouldnt be checked and it will work till it expires.
  #5  
Old 16th October 2007, 11:59
Dumber's Avatar
Dumber Dumber is offline
Moderator
  
 Join Date: Dec 2003
  6 month star 12 month star
 Location: The Netherlands
 Posts: 8,068
 Reputation: Dumber is a splendid one to beholdDumber is a splendid one to beholdDumber is a splendid one to beholdDumber is a splendid one to beholdDumber is a splendid one to beholdDumber is a splendid one to beholdDumber is a splendid one to behold (820)
Default Re: Certificate Services
why do you want to remove the CA????
I don't see the logic for such action.
__________________
Marcel
Netherlands
http://www.phetios.com
http://blog.nessus.nl

MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
No matter how secure, there is always the human factor.
  #6  
Old 16th October 2007, 13:45
abhi_admin abhi_admin is offline
Casual
Casual
  
 Join Date: Oct 2007
  6 month star 12 month star
 Posts: 1
 Reputation: abhi_admin is on a distinguished road (10)
Default Re: Certificate Services
Quote:
Originally Posted by louisvillecat View Post
I installed CA to create a SSL for IIS. If I remove Certification Authority will that nullify my SSL certificate already created? Will that take down https?
It will nullify your ssl once you remove the CA. U cant use https then
  #7  
Old 24th October 2007, 16:39
louisvillecat's Avatar
louisvillecat louisvillecat is offline
Casual
Casual
  
 Join Date: Jun 2007
  6 month star 12 month star
 Posts: 56
 Reputation: louisvillecat is on a distinguished road (10)
Default Re: Certificate Services
Quote:
Originally Posted by Dumber View Post
why do you want to remove the CA????
I don't see the logic for such action.
I want to migrate AD to another server.
  #8  
Old 24th October 2007, 23:30
guyt's Avatar
guyt guyt is offline
[MSFT]
Guru
  
 Join Date: Nov 2003
  6 month star 12 month star
 Location: Israel
 Posts: 1,766
  Send a message via MSN to guyt
 Reputation: guyt is a name known to allguyt is a name known to allguyt is a name known to allguyt is a name known to allguyt is a name known to allguyt is a name known to all (592)
Default Re: Certificate Services
Quote:
Originally Posted by abhi_admin View Post
It will nullify your ssl once you remove the CA. U cant use https then
No, it will not. The only implication is that the CRL (Certificate Revokation List) paths will not be available, and some SSL clients will complain about it.
When a client establishes an SSL session, it does not contact the CA that issued the cert. Just google for "offline root CA" - this is actually a common practice for securing CA infrastructure.
__________________
Guy Teverovsky
http://blogs.technet.com/b/isrpfeplat/
"Smith & Wesson - the original point and click interface"
  #9  
Old 25th October 2007, 17:04
kapilsharma11's Avatar
kapilsharma11 kapilsharma11 is offline
Member
Here to help
  
 Join Date: Oct 2005
  6 month star 12 month star
 Location: India
 Posts: 551
  Send a message via MSN to kapilsharma11
 Reputation: kapilsharma11 will become famous soon enoughkapilsharma11 will become famous soon enough (106)
Thumbs up Re: Certificate Services
Your work will not be effected by this except users might get few warnings Pop-Ups while accessing the site. Simply need to OK that.

The only problem you will face during renewal of this certificate but as you have already mentioned that you are removing CA due to migration so it indicates that you will get a new CA once you complete the migration. So you can get a new certificate from the new CA once that will come into production.
__________________
Kapil Sharma
~~~~~~~~~~~~~
Life is too short, Enjoy It.
Closed Thread

« Previous Thread | Next Thread »

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
services.exe high memory usage terminal services technotux Terminal Services 1 8th February 2007 21:59
Certificate cas Windows Server 2000 / 2003 1 15th October 2006 20:23
Certificate Services on different server than exchange Richie Exchange 2000 / 2003 0 27th July 2006 18:57
certificate salv236 Windows Server 2000 / 2003 1 6th October 2004 09:52
Certificate Services. eleibzon Windows Server 2000 / 2003 1 27th January 2004 00:14


All times are GMT +3. The time now is 17:38.

Contact Us - Petri.co.il forums - Archive - Top
Steel Blue 3.5.4 vBulletin Style ©2006 vBEnhanced
Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
 

Valid XHTML 1.0!   Valid CSS!

Copyright 2005 Daniel Petri