Re: Certificate Authority type

From: S. Pidgorny (slavickp_at_yahoo.com)
Date: 06/19/05


Date: Sun, 19 Jun 2005 21:19:55 +1000

Paul previously answered the question - "Run certutil -getreg ca\CAType at a
command prompt on each CA". If you have defunct CAs in the infrastructure,
you still have some problem.

I seriously recommend you to ditch the old PKI and start over with
documented infrastructure and precedures around that - one cannot trust PKI
that isn't documented anyhow.

-- 
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-
"Wayne" <Wayne@discussions.microsoft.com> wrote in message
news:24E3D88E-5655-44F7-B805-C47DFE2895F1@microsoft.com...
> It only seems to show Enterprise Root CA's in Sites & Services.  I
installed
> a enterprise root and enterprise subordinate in my lab and it does not
show
> the enterprise subordinate in S&S.
>
> It shows only the root in the Certification Authorities folder, however it
> did show both under the CDP folder.  I then removed/uninstalled the
> subordinate, however it still remains in AD
>
> How can I tell about  a subordinate?
>
> Thanks
>
> "S. Pidgorny <MVP>" wrote:
>
> > Enterprise CA information is found in Active Directory (Sites and
> > Services/PKI) - not for stand-alone
> >
> > -- 
> > Svyatoslav Pidgorny, MS MVP - Security, MCSE
> > -= F1 is the key =-
> >
> > "Wayne" <Wayne@discussions.microsoft.com> wrote in message
> > news:5E9153FB-29AF-46DC-84B2-9C0143753BB2@microsoft.com...
> > > I was brought into an environment without good documentation and am
trying
> > to
> > > figure out what types of CA's are present.  I have 2 servers (both
domain
> > > controllers).  One is a Root Certificate authority, the other is a
> > > subordinate.  I'm trying to determine if they are enterprise, or
> > standalone.
> > >
> > > Is there someway I can tell which it is?  I can't find it in the MMC.
Is
> > > there a registry key that would tell me what kind it is?
> > >
> > > I would assume they are enterprise but the previous admin wasn't very
good
> > > and left on bad terms so I can't ask and can't afford to assume.
> > >
> > >
> >
> >
> >