
Do I need an enterprise CA 2

Status
Not open for further replies.

ouzojd

Programmer
Jun 9, 2002
314
AU
Hi, just about to upgrade DCs from 2000 boxes to 2003R2. Only question is one of the DCs has an enterprise CA on it which from what I can tell isn't used (used to be for OWA but now use 3rd party cert). There are 2 current certificates issued, one to itself (the DC that runs the CA) and one issued to the other DC.

So do DCs actually require a CA for replication, or can I just ignore its existence and, after the server is demoted from being a DC, turn it off and forget about it?

Thanks
 
If you're using a commercial cert for OWA/RPC/EAS, then Exchange doesn't need an internal CA for anything.

I'd caution you against killing off the CA unless you do your due diligence to find out if it's being used for anything else. Any other websites configured in IIS that might use a cert?

Pat Richard, MCSE MCSA:Messaging CNA
Microsoft Exchange MVP
 
We do have one other SSL site but that uses a VeriSign certificate as well. Are you able to just clarify what RPC and EAS are abbreviations for so I can check?

My Exchange server name doesn't have any current certs issued to it by the CA I have here. Only the 2 DCs - the one the CA is on looks like it had Exchange 5.5 on it at some point and IIS, so maybe that's part of the reason.

I just wasn't sure why the other DC would be getting a cert?
 
RPC = RPC over HTTPS - using Outlook outside of your firewall
EAS = Exchange Active Sync on Windows Mobile phones

Pat Richard, MCSE MCSA:Messaging CNA
Microsoft Exchange MVP
 
OK thanks, yes we do use ActiveSync with our phones but VeriSign gave us a little cab file to run on the phones which allows them to connect, so I'm 99% sure that must all be covered by the same VeriSign cert. I installed the cert at the default web site level in IIS on the Exchange box.

If I uninstall the CA do you think that will remove any references to it in AD as well?

Thanks
 