
Building a Certificate Authority in Windows Server 2019 Part 8 – Final Steps

8.1 Implementation File Cleanup

Once the Certificate Authority implementation has been successfully completed, there are a few files that should be deleted.

TFS-CA01 Server

Delete the following files on the TFS-CA01 Server:

  • C:\TFS-CA01.corp.tfslabs.com_corp-TFS-CA01-CA.req
  • C:\TFS Labs Certificate Authority.cer
  • C:\TFS Labs Enterprise CA.cer
  • C:\TFS Labs Enterprise CA.p7b

These files should all be present in the C:\RootCA folder on the TFS-ROOT-CA Server. Those files don’t need to be deleted.

Virtual Floppy Disk

Depending on your virtualization platform, the location of the RootCAFiles Virtual Floppy Disk will vary. This file also needs to be deleted. If you set up BitLocker on the TFS-ROOT-CA Server, ensure that you back up the recovery key.

8.2 Recurring Tasks

The only major task that you should need to perform on your PKI is renewing the CRL from the Root CA at least once a year. Once the implementation is completed, it is best to set up a yearly recurring task so that this is not forgotten.

8.3 Root CA Shutdown

Once the Certificate Authority has been successfully implemented, the Root CA needs to be powered off as it is no longer needed. The TFS-ROOT-CA Virtual Machine will need to be powered on at least once every 52 weeks in order to update the CRL.

Ensure that you do not delete this Virtual Machine. If you do, it will break your entire PKI and there will be no way of recovering from this.
