How to remove certification authority service windows 2003

Step 2: Delete all certificate templates. In the " Certification Authority " console, select " Certificate Templates ". At right pane, select all certificate templates. Right-click the selected certificate templates, select " Delete ". Click " Yes ". Figure 2: Certificate Templates. It can prevent users to request the certificate from the CA Server. In the " Certification Authority " console, right-click " Revoked Certificates ", select " Properties ". Next to " CRL publication interval ", type a suitably long value.

Remark: The lifetime of the Certification Revocation List CRL should be longer than the lifetime that remains for certificates that have been revoked. Figure 3: Revoked Certificates properties. Click " OK ". Step 4: Publish a new CRL. Figure 4: Publish CRL. Step 5: Deny any pending requests optional.

By default, an enterprise CA does not store certificate requests. However, an administrator can change this default behavior. Certificates that do not validate are removed from their respective domain controller. To remove certificates that were issued to the Windows Server domain controllers, follow these steps. Important Do not use this procedure if you are using certificates that are based on version 1 domain controller templates.

Certificates that do not validate are removed. To force application of the security policy, follow these steps:. At a command prompt, type the appropriate command for the corresponding version of the operating system, and then press ENTER:. Need more help? Expand your skills. Get new features first. A subscription to help make the most of your time. For up to 6 people. Premium apps. Try 1 month free.

Was this information helpful? Yes No. Thank you! Any more feedback? The more you tell us the more we can help. Can you help us improve? Resolved my issue.

Clear instructions. Easy to follow. No jargon. Pictures helped. Didn't match my screen. Incorrect instructions. Too technical. If you are permanently decommissioning the CA before its expected expiration date, then the CA certificate should be revoked from its parent CA and you should list "Cease of operation" as the reason for the revocation.

If the CA is a self-signed root CA, then all of the certificates issued by the CA that have not expired should be revoked and a certificate revocation list CRL should be generated that lists the same reason. This will indicate that the certificates are no longer valid because the CA has been decommissioned.

Failure to do so may cause Active Directory clients to continue attempts to enroll for certificates from that CA. If you are uninstalling an enterprise CA, membership in Enterprise Admins , or equivalent, is the minimum required to complete this procedure. At this point, you can reinstall Certificate Services. After the installation is finished, the new root certificate will be published to Active Directory. When the domain clients refresh their security policy, they'll automatically download the new root certificate into their trusted root stores.

All such information and related graphics are provided "as is" without warranty of any kind. Skip to main content. This browser is no longer supported. Download Microsoft Edge More info.