Re: Certificate Authority type
From: S. Pidgorny
Date: Sun, 19 Jun 2005 21:19:55 +1000
Paul previously answered the question - "Run certutil -getreg ca\CAType at a
command prompt on each CA". If you have defunct CAs in the infrastructure,
you still have some problem.
I seriously recommend you to ditch the old PKI and start over with
documented infrastructure and precedures around that - one cannot trust PKI
that isn't documented anyhow.
-- Svyatoslav Pidgorny, MS MVP - Security, MCSE -= F1 is the key =- "Wayne" <Wayne@discussions.microsoft.com> wrote in message news:24E3D88E-5655-44F7-B805-C47DFE2895F1@microsoft.com... > It only seems to show Enterprise Root CA's in Sites & Services. I installed > a enterprise root and enterprise subordinate in my lab and it does not show > the enterprise subordinate in S&S. > > It shows only the root in the Certification Authorities folder, however it > did show both under the CDP folder. I then removed/uninstalled the > subordinate, however it still remains in AD > > How can I tell about a subordinate? > > Thanks > > "S. Pidgorny <MVP>" wrote: > > > Enterprise CA information is found in Active Directory (Sites and > > Services/PKI) - not for stand-alone > > > > -- > > Svyatoslav Pidgorny, MS MVP - Security, MCSE > > -= F1 is the key =- > > > > "Wayne" <Wayne@discussions.microsoft.com> wrote in message > > news:5E9153FB-29AF-46DC-84B2-9C0143753BB2@microsoft.com... > > > I was brought into an environment without good documentation and am trying > > to > > > figure out what types of CA's are present. I have 2 servers (both domain > > > controllers). One is a Root Certificate authority, the other is a > > > subordinate. I'm trying to determine if they are enterprise, or > > standalone. > > > > > > Is there someway I can tell which it is? I can't find it in the MMC. Is > > > there a registry key that would tell me what kind it is? > > > > > > I would assume they are enterprise but the previous admin wasn't very good > > > and left on bad terms so I can't ask and can't afford to assume. > > > > > > > > > > > >