Re: CertSrv Question

From: Shreeniwas Kelkar [MS] (srkelkar@online.microsoft.com)
Date: 08/27/02 

From: "Shreeniwas Kelkar [MS]" <srkelkar@online.microsoft.com>
Date: Mon, 26 Aug 2002 17:40:21 -0700

The reason most likely is that the CA cert is still there in the NTAuth
certificate store. If true, this cert will be brought down to all domain
member machines through group policy. And as long as this cert is trusted,
all valid certs issued by it will verify.

http://www.microsoft.com/windows2000/techinfo/planning/walkthroughs/default.
asp 

--
Shreeniwas Kelkar,
Microsoft Corp.
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of any included samples is subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm"
--
<newsgroups@MSWEBS.com> wrote in message
news:5f2lmusngknog71c9e2nt5sf74h18m3q83@4ax.com...
> After installing a Stand-alone CA on a server in the Active Directory,
> it replicates a trusted root to all the clients in the network. I
> recently un-installed the CA but the trusted are still on all the
> workstation in the network, and the verification still show it as
> being valid. How is it valid if the certificate is no longer existing?
> Anyway, the main question I have is how to remove the certificate from
> all the client, and have it not repopulate after a reboot. I have
> tried to delete it off of serveral of the client, and servers, but
> after a reboot they come back. I have checked the GPO for a
> replication source, but there is nothing in the GPO that tells the
> clients to add it back, and there is nothing in my startup scripts
> either. How do you get this certificates to go away?
>
> DM

Relevant Pages

  • Re: Dummies Guide for RADIUS/Certs
    ... I have set up IAS. ... client computers impacts certificate enrollment. ... configure Group Policy for domain member wireless clients so ... Cert Templates that is now enrolled on the IAS server. ...
    (microsoft.public.internet.radius)
  • Re: Web Certificate for IIS Server on SBS Domain
    ... Before your reply, I actually ran across rapidssl myself, and have ordered and installed the free 30-day certificate on my site. ... I explained what you'd told me about putting my existing configuration at risk by installing Cert Services, and he said he didn't know that. ... Again, if you're just needing a cert to install on your web server to provide SSL connectivity for remote users, go with an external third-party provider. ... When you add Certificate Services on an internal network, lots of internal communications will start using pieces provided by the Cert Server instead of the defaults from Server 2003, and when things blow up, they can blow up gloriously. ...
    (microsoft.public.windows.server.sbs)
  • Re: Terminal Services over a VPN
    ... Create a certificate request and submit it to godaddy in order to obtain a public cert. ... You can use the wizard in IIS Manager for this by creating a new website that matches the above name (on your TS server), right-click and choose properties, directory security tab, server certificate button. ... After the install you can stop or delete the website created above since you don't need it for anything. ...
    (microsoft.public.windows.terminal_services)
  • RE: 802.1x Authentication Fails
    ... Reason = The authentication request was not processed because the ... a default certificate is being sent to ... I queried the product team about this and they feel the server certificate ... which is causing the problem that the clients cannot ...
    (microsoft.public.internet.radius)
  • Re: Can this be done? Wireless Access w/o the use if CERTs
    ... a default certificate is being sent to user ... Could not retrieve the Remote Access Server's certificate due to the ... to use EAP-TLS but you don't have a server certificate. ... EAP-TLS requires certificates on clients and on the IAS server. ...
    (microsoft.public.internet.radius)