When old CA was not correctly decomissioned

You can check for all CA in domain by Running the following command from a CMD prompt: “certutil -config – -ping” it will prompt you with all the CA available in the organisation.

To remove from domain Open PKIView.msc, right-click on root node and select Manage AD Containers. Go through all tabs and remove items related to old CA. I have used this on Windows 2008 Server.

Categorised as: Microsoft, Networking, Server OS

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.