Differences

This shows you the differences between two versions of the page.

View differences: Side by SideInline Go

Link to this comparison view

2024/11/01 09:55 jp 2022/11/09 10:09 jp 2022/10/26 16:12 jp 2022/10/26 16:11 jp 2022/10/26 16:10 jp 2022/10/26 16:09 jp 2022/10/26 16:09 jp 2022/10/26 16:08 jp 2022/10/26 16:08 jp 2022/10/26 16:08 jp createdGo Next revision		Previous revision 2024/11/01 09:55 jp 2022/11/09 10:09 jp 2022/10/26 16:12 jp 2022/10/26 16:11 jp 2022/10/26 16:10 jp 2022/10/26 16:09 jp 2022/10/26 16:09 jp 2022/10/26 16:08 jp 2022/10/26 16:08 jp 2022/10/26 16:08 jp createdGo
вывод_из_эксплуатации_центра_сертификации [2022/10/26 16:08] – created jp		вывод_из_эксплуатации_центра_сертификации [2024/11/01 09:55] (current) – jp
Line 1:		Line 1:
	===== Вывод из эксплуатации центра сертификации =====		===== Вывод из эксплуатации центра сертификации =====
-	Есть статья от MS, описывающая полный процесс докомиссии.	+	Существует статья от MS, описывающая полный процесс декомиссии.
	https://learn.microsoft.com/en-us/troubleshoot/windows-server/windows-security/decommission-enterprise-certification-authority-and-remove-objects		https://learn.microsoft.com/en-us/troubleshoot/windows-server/windows-security/decommission-enterprise-certification-authority-and-remove-objects
-	Но если центр сертификации был удален и роль деинсталирована, можно почистить присутствие бывшего ЦС через ADSI-edit.	+	Здесь вынесена выдержка о том, как можно почистить присутствие бывшего ЦС через ADSI-edit.
-	При этом, подключаться надо не к default naming context, а к configuration, как показано на скрине.	+
		+	:!: //При этом, подключаться надо не к default naming context, а к configuration, как показано на скрине.//
		+
		+	;#;
	{{::ad_cs_removal_adsi.jpg?direct&400|}}		{{::ad_cs_removal_adsi.jpg?direct&400|}}
		+	;#;
		+
	Нужно удалять следующие атрибуты в соответствующих местах расположения.		Нужно удалять следующие атрибуты в соответствующих местах расположения.
-	<code>	+
-	certificateAuthority object	+	**certificateAuthority object**
	Located in CN=AIA,CN=Public Key Services,CN=Services,CN=Configuration,DC=ForestRootDomain.		Located in CN=AIA,CN=Public Key Services,CN=Services,CN=Configuration,DC=ForestRootDomain.
Line 18:		Line 22:
	Published Authority Information Access (AIA) location.		Published Authority Information Access (AIA) location.
-	crlDistributionPoint object	+	**crlDistributionPoint object**
-	Located in CN=ServerName,CN=CDP,CN=Public Key Service,CN=Services,CN=Configuration,DC=ForestRoot,DC=com.	+	Located in CN=ServerName,CN=CDP,CN=Public Key Service,CN=Services,CN=Configuration,DC=ForestRoot,DC=com.\\
-	Contains the CRL periodically published by the CA.	+	Contains the CRL periodically published by the CA.\\
-	Published CRL Distribution Point (CDP) location.	+	Published CRL Distribution Point (CDP) location.\\
-	certificationAuthority object	+	**certificationAuthority object**
-	Located in CN=Certification Authorities,CN=Public Key Services,CN=Services,CN=Configuration,DC=ForestRoot,DC=com.	+	Located in CN=Certification Authorities,CN=Public Key Services,CN=Services,CN=Configuration,DC=ForestRoot,DC=com.\\
-	Contains the CA certificate for the CA.	+	Contains the CA certificate for the CA.\\
-	pKIEnrollmentService object	+	**pKIEnrollmentService object**
-	Located in CN=Enrollment Services,CN=Public Key Services,CN=Services,CN=Configuration,DC=ForestRoot,DC=com.	+	Located in CN=Enrollment Services,CN=Public Key Services,CN=Services,CN=Configuration,DC=ForestRoot,DC=com.\\
-	Created by the enterprise CA.	+	Created by the enterprise CA.\\
	Contains information about the types of certificates the CA has been configured to issue. Permissions on this object can control which security principals can enroll against this CA.		Contains information about the types of certificates the CA has been configured to issue. Permissions on this object can control which security principals can enroll against this CA.
-	<code>	+	{{tag>Certificates PKI ADCS Microsoft Windows}}