Certificate Authority type

TheMSsForum.com: The Microsoft Software Forum

I was brought into an environment without good documentation and am trying to
figure out what types of CA's are present. I have 2 servers (both domain
controllers). One is a Root Certificate authority, the other is a
subordinate. I'm trying to determine if they are enterprise, or standalone.

Is there someway I can tell which it is? I can't find it in the MMC. Is
there a registry key that would tell me what kind it is?

I would assume they are enterprise but the previous admin wasn't very good
and left on bad terms so I can't ask and can't afford to assume.
Top

Re: Certificate Authority type by S

S
Fri Jun 17 06:18:42 CDT 2005

Enterprise CA information is found in Active Directory (Sites and
Services/PKI) - not for stand-alone

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

"Wayne" <Wayne@discussions.microsoft.com> wrote in message
news:5E9153FB-29AF-46DC-84B2-9C0143753BB2@microsoft.com...
> I was brought into an environment without good documentation and am trying
to
> figure out what types of CA's are present. I have 2 servers (both domain
> controllers). One is a Root Certificate authority, the other is a
> subordinate. I'm trying to determine if they are enterprise, or
standalone.
>
> Is there someway I can tell which it is? I can't find it in the MMC. Is
> there a registry key that would tell me what kind it is?
>
> I would assume they are enterprise but the previous admin wasn't very good
> and left on bad terms so I can't ask and can't afford to assume.
>
>


Top

Re: Certificate Authority type by Wayne

Wayne
Fri Jun 17 07:04:07 CDT 2005

It only seems to show Enterprise Root CA's in Sites & Services. I installed
a enterprise root and enterprise subordinate in my lab and it does not show
the enterprise subordinate in S&S.

It shows only the root in the Certification Authorities folder, however it
did show both under the CDP folder. I then removed/uninstalled the
subordinate, however it still remains in AD

How can I tell about a subordinate?

Thanks

"S. Pidgorny <MVP>" wrote:

> Enterprise CA information is found in Active Directory (Sites and
> Services/PKI) - not for stand-alone
>
> --
> Svyatoslav Pidgorny, MS MVP - Security, MCSE
> -= F1 is the key =-
>
> "Wayne" <Wayne@discussions.microsoft.com> wrote in message
> news:5E9153FB-29AF-46DC-84B2-9C0143753BB2@microsoft.com...
> > I was brought into an environment without good documentation and am trying
> to
> > figure out what types of CA's are present. I have 2 servers (both domain
> > controllers). One is a Root Certificate authority, the other is a
> > subordinate. I'm trying to determine if they are enterprise, or
> standalone.
> >
> > Is there someway I can tell which it is? I can't find it in the MMC. Is
> > there a registry key that would tell me what kind it is?
> >
> > I would assume they are enterprise but the previous admin wasn't very good
> > and left on bad terms so I can't ask and can't afford to assume.
> >
> >
>
>
>
Top

Re: Certificate Authority type by S

S
Sun Jun 19 06:19:55 CDT 2005

Paul previously answered the question - "Run certutil -getreg ca\CAType at a
command prompt on each CA". If you have defunct CAs in the infrastructure,
you still have some problem.

I seriously recommend you to ditch the old PKI and start over with
documented infrastructure and precedures around that - one cannot trust PKI
that isn't documented anyhow.


--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

"Wayne" <Wayne@discussions.microsoft.com> wrote in message
news:24E3D88E-5655-44F7-B805-C47DFE2895F1@microsoft.com...
> It only seems to show Enterprise Root CA's in Sites & Services. I
installed
> a enterprise root and enterprise subordinate in my lab and it does not
show
> the enterprise subordinate in S&S.
>
> It shows only the root in the Certification Authorities folder, however it
> did show both under the CDP folder. I then removed/uninstalled the
> subordinate, however it still remains in AD
>
> How can I tell about a subordinate?
>
> Thanks
>
> "S. Pidgorny <MVP>" wrote:
>
> > Enterprise CA information is found in Active Directory (Sites and
> > Services/PKI) - not for stand-alone
> >
> > --
> > Svyatoslav Pidgorny, MS MVP - Security, MCSE
> > -= F1 is the key =-
> >
> > "Wayne" <Wayne@discussions.microsoft.com> wrote in message
> > news:5E9153FB-29AF-46DC-84B2-9C0143753BB2@microsoft.com...
> > > I was brought into an environment without good documentation and am
trying
> > to
> > > figure out what types of CA's are present. I have 2 servers (both
domain
> > > controllers). One is a Root Certificate authority, the other is a
> > > subordinate. I'm trying to determine if they are enterprise, or
> > standalone.
> > >
> > > Is there someway I can tell which it is? I can't find it in the MMC.
Is
> > > there a registry key that would tell me what kind it is?
> > >
> > > I would assume they are enterprise but the previous admin wasn't very
good
> > > and left on bad terms so I can't ask and can't afford to assume.
> > >
> > >
> >
> >
> >


Top