Active Directory
EvgenyMorozov, 2018-07-20 16:25:32

What to do if the certificate authority is gone with the domain controller?

Good (no) day.
The physical domain controller DC1, on which the Certification Authority was configured and everything worked properly, has died of old age. There is a second domain controller, DC2, on a virtual machine. All the roles were transferred to it. One more virtual controller was added on another host.
Now the question is: what to do with the certificate authority? This role exists on DC2, but certificate #0 has expired.
What to do next? I can't figure it out, and I can't find it on Google.
How do I make a new certificate?
Or maybe create a new CA on DC3?

2 answer(s)
Dmitry, 2018-07-20
@Tabletko

Restore from the backup.

zvl, 2018-07-27
@zvl

https://habr.com/company/microsoft/blog/348944/
https://habr.com/company/microsoft/blog/348956/
https://habr.com/company/microsoft/blog/349202/
Set up 2 CAs: 1 - a root outside the domain, 2 - an intermediate in the domain.
The root certificate is force-distributed to computers by policy into "Trusted Roots"; the intermediate CA in the domain will distribute its certificate itself.
It is not advisable to combine a CA and a domain controller.
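
A way to check, from any domain member, that the root and intermediate CA certificates described in the answer above actually reached the machine stores, have not expired, and chain to a trusted root. This is an added example, not part of the thread; the function name `Get-CaCertificateHealth` and the subject pattern `Example` are assumptions, so substitute your own CA's name.

```powershell
# Added example (not from the thread). Run on a domain-joined Windows machine.
function Get-CaCertificateHealth {
    param(
        # Assumption: a substring of your CA's subject name ("Example" is a placeholder).
        [Parameter(Mandatory)] [string] $SubjectPattern,
        # Certificates expiring within this many days are flagged as EXPIRING.
        [int] $WarnDays = 90
    )

    $now = Get-Date
    # Root = "Trusted Root Certification Authorities", CA = "Intermediate Certification Authorities"
    foreach ($storeName in 'Root', 'CA') {
        Get-ChildItem -Path "Cert:\LocalMachine\$storeName" |
            Where-Object { $_.Subject -like "*$SubjectPattern*" } |
            ForEach-Object {
                $cert  = $_
                $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
                # Revocation is skipped here: an offline root's CRL may not be reachable.
                $chain.ChainPolicy.RevocationMode = 'NoCheck'
                $chainOk  = $chain.Build($cert)
                # Empty when the chain is clean; NotTimeValid appears for an expired CA cert.
                $problems = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','

                if ($cert.NotAfter -lt $now) { $state = 'EXPIRED' }
                elseif ($cert.NotAfter -lt $now.AddDays($WarnDays)) { $state = 'EXPIRING' }
                else { $state = 'OK' }

                [pscustomobject]@{
                    Store      = $storeName
                    Subject    = $cert.Subject
                    SelfSigned = ($cert.Subject -eq $cert.Issuer)   # true for a root
                    NotAfter   = $cert.NotAfter
                    State      = $state
                    ChainOk    = $chainOk
                    ChainError = $problems
                    Thumbprint = $cert.Thumbprint
                }
            }
    }
}

Get-CaCertificateHealth -SubjectPattern 'Example' | Format-Table -AutoSize
```

A root that shows up only in the `CA` store, or an intermediate with `ChainOk = False`, means the policy distributing the root into "Trusted Roots" has not applied on that machine.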
