Re: Getting rid of my Certification Authority
- From: justmark <justmark@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sat, 26 Apr 2008 06:09:00 -0700
"Brian Komar (MVP)" wrote:
inline...
If decommissions, and you have not maintained the KRA certificate and
private key or the DRA certificate and private key, they are out of luck.
Decommissioning a CA does not decrypt files.
Okay, then is there a way I can test this? For instance, can I stop a CA
service on the server to "simulate" removal of the CA? Something that I can
test and then if somebody screams (unlikely, but you never know), I can just
turn it back on and dig in further to help them get their stuff unencrypted?
They will fail for LDAP/SSL connections. You should remove all of the DC
certs
certutil -dcinfo DELETEALL
Running this on the CA will remove them and I'll be okay?
Thanks for the help,
Mark
.
- Follow-Ups:
- Re: Getting rid of my Certification Authority
- From: Brian Komar \(MVP\)
- Re: Getting rid of my Certification Authority
- References:
- Getting rid of my Certification Authority
- From: justmark
- Re: Getting rid of my Certification Authority
- From: Brian Komar \(MVP\)
- Getting rid of my Certification Authority
- Prev by Date: Re: Certification Authority 0x8009480f error
- Next by Date: Re: "Some updates could not be installed"??? Please help!
- Previous by thread: Re: Getting rid of my Certification Authority
- Next by thread: Re: Getting rid of my Certification Authority
- Index(es):
Relevant Pages
|
Loading
