I currently have an issue with Certificate Authority that I hope someone can help me with.
I currently have a root CA server installed on a 2008 R2 DC that I want to rebuild (bad practice having a CA on a DC, I know, but I inherited it).
I have built another root CA server running 2012 Datacenter and added it to the environment.
The intention was to revoke certificates from the 2008 CA and allow the 2012 CA to issue new certificates as most of the certificates are either for the DCs issued via auto enrollment.
I have put together a test environment to test this to see how revoking certificates would work.
As CA seems to be a bit of a dark art, I have been reading as much as possible, and it seems the best way to revoke certificates is via the online responder, which is not currently set up in the live or test environments. I have tested using the CRL, but this does not seem to be revoking the auto enrollment certificate on my test DC.
For info, CRL overlap is set to 24 hours and CRLDelta set to 12 hours, with CRL publication interval on 2 hours and publish delta CRL on 1 hour.
If anyone could provide some insight on how I am best to proceed or something I have missed, it would be very much appreciated.