Hello,
We have a standalone CA that is NOT offline and is also the issuing CA as well as the website for submitting
certificate requests. Our CA is on a Windows 2008 member server in a Windows 2008 Domain.
The CA's cert was to expire on 9/16/14, 5 days from the creation of this post. I renewed the cert last night using
the same key pair. The renewal went well as did publishing the new cert and CRL to Active Directory. As a result, I now have a new cert available in AD that has an expiration date of 9/10/19.
In my environment, we use a Cisco ACS to authenticate domain computers via 802.1x in order to give them access to the
network. After the renewal, the new cert was deployed via auto enrollment to the workstations. When I look at the
authentication tab of the local area network, under the "Trusted Root Authorities", I can see the old cert, with an
expiration date of 9/16/14, as well as the new cert with an expiration date of 9/10/19. The old cert is selected via a check mark and the new cert is not selected.
My question is why are both certs there? Is it because the old cert hasn't expired yet? Will the old cert disappear
from the list once it expires?
Any and all information is appreciated.
Thanks, Jim