Hi
I currently renewed the Issuing CA (Win 2k8) because the organisation wanted to change the validity from 10 years to 20 years. Hence I took a simpler approach renewing the Issuing CA.
Now the computer certificate stores of all servers and computers in the domain are showing up 2 Issuing CA certificates with identical certificates. I would like to remove the first Issuing CA certificate from these stores.
I understand I should not remove the first Issuing CA certificate from the CA server as it uses to sign the CRLs until its expiry.
But my main tasks to clean up in other certificate stores across the domain and non-windows systems as well.
Should I use Active Directory approach to clean up the first Issuing CA ? Or use certutil tool ??
Any suggestions and advise is welcome. Thanks.
Sanurajan.