Re: Certificate Authority type

From: S. Pidgorny (slavickp_at_yahoo.com)
Date: 06/19/05


Date: Sun, 19 Jun 2005 21:19:55 +1000

Paul previously answered the question - "Run certutil -getreg ca\CAType at a
command prompt on each CA". If you have defunct CAs in the infrastructure,
you still have some problem.

I seriously recommend you to ditch the old PKI and start over with
documented infrastructure and precedures around that - one cannot trust PKI
that isn't documented anyhow.

-- 
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-
"Wayne" <Wayne@discussions.microsoft.com> wrote in message
news:24E3D88E-5655-44F7-B805-C47DFE2895F1@microsoft.com...
> It only seems to show Enterprise Root CA's in Sites & Services.  I
installed
> a enterprise root and enterprise subordinate in my lab and it does not
show
> the enterprise subordinate in S&S.
>
> It shows only the root in the Certification Authorities folder, however it
> did show both under the CDP folder.  I then removed/uninstalled the
> subordinate, however it still remains in AD
>
> How can I tell about  a subordinate?
>
> Thanks
>
> "S. Pidgorny <MVP>" wrote:
>
> > Enterprise CA information is found in Active Directory (Sites and
> > Services/PKI) - not for stand-alone
> >
> > -- 
> > Svyatoslav Pidgorny, MS MVP - Security, MCSE
> > -= F1 is the key =-
> >
> > "Wayne" <Wayne@discussions.microsoft.com> wrote in message
> > news:5E9153FB-29AF-46DC-84B2-9C0143753BB2@microsoft.com...
> > > I was brought into an environment without good documentation and am
trying
> > to
> > > figure out what types of CA's are present.  I have 2 servers (both
domain
> > > controllers).  One is a Root Certificate authority, the other is a
> > > subordinate.  I'm trying to determine if they are enterprise, or
> > standalone.
> > >
> > > Is there someway I can tell which it is?  I can't find it in the MMC.
Is
> > > there a registry key that would tell me what kind it is?
> > >
> > > I would assume they are enterprise but the previous admin wasn't very
good
> > > and left on bad terms so I can't ask and can't afford to assume.
> > >
> > >
> >
> >
> >


Relevant Pages

  • Re: Certificate Authority type
    ... It only seems to show Enterprise Root CA's in Sites & Services. ... the enterprise subordinate in S&S. ... It shows only the root in the Certification Authorities folder, ...
    (microsoft.public.security)
  • Re: CA Stand Alone Root vs Enterprise Root
    ... >> An enterprise CA must stay online. ... >>> Root CA is the Enterprise requires Active Directory. ... >>> vreate an Enterprise Root CA and then install a subordinate CA, ...
    (microsoft.public.win2000.security)
  • Re: CA Stand Alone Root vs Enterprise Root
    ... > An enterprise CA must stay online. ... >> Root CA is the Enterprise requires Active Directory. ... >> vreate an Enterprise Root CA and then install a subordinate CA, ...
    (microsoft.public.win2000.security)
  • RE: Using Subordinate CAs
    ... >> At one of my locations I setup an Enterprise Root CA, ... >> location I set up a Enterprise Subordinate CA. ... How can I force the computers to request from ...
    (microsoft.public.win2000.security)
  • Re: Difference between Certificate Authorities
    ... If your CA crashes, your main concern should be recover that CA, for that to happen you need a good backup plan strategy. ... If my Enterprise Root is crashed then certificate issue by Enterprise root CA will be served by Enterprise Sub Ordinate CA. ... Enterprise CAs Vs Standalone CAs - (the first one is in a domain and published in your AD, the second one may be in a domain or not but is not ...
    (microsoft.public.windows.server.active_directory)