8.1 Implementation File Cleanup
Once the Certificate Authority Implementation has been successfully implemented and completed there are a few files that should be deleted.
Delete the following files on the TFS-CA01 Server:
- C:\TFS Labs Certificate Authority.cer
- C:\TFS Labs Enterprise CA.cer
- C:\TFS Labs Enterprise CA.p7b
These files should all be present on the C:\RootCA folder on the TFS-ROOT-CA Server. Those files don’t need to be deleted.
Virtual Floppy Disk
Depending on your Virtualization platform, the location of the RootCAFiles Virtual Floppy Disk will vary. This file also needs to be deleted. Ensure that if you setup BitLocker on the TFS-ROOT-CA Server that you backup up the recovery key.
8.2 Recurring Tasks
The only major task that you should need to perform on your PKI Infrastructure is that you will need to renew the CRL from the Root CA at least once a year. It is best that once the implementation is completed that you setup a yearly recurring task in order to make sure this task is not forgotten.
8.3 Root CA Shutdown
Once the Certificate Authority has been successfully implemented, the Root CA needs to be powered off as it is no longer needed. The TFS-ROOT-CA Virtual Machine will need to be powered on at least once every 52 weeks in order to update the CRL.
Ensure that you do not delete this Virtual Machine. If you do it will break your entire PKI and there will be no way of recovering from this.
Certificate Authority in Windows Server 2019
- Part 1 – Offline Root CA Setup
- Part 2 – Subordinate CA Setup
- Part 3 – Deploy Root and Subordinate Certificate
- Part 4 – Certificate Revocation Policies
- Part 5 – Configure Private Key Archive and Recovery
- Part 6 – Certificate Template Modifications and Deployment
- Part 7 – Certificate Auto-Enrollment
- Part 8 – Final Steps