Hello everybody,
We have made a mistake: In a customer's small domain, we were not aware that there was an enterprise CA running on a server 2008 R2 which shall be decommissioned, and installed a new enterprise CA on Windows Server 2019. Now the new root certificate does not get distributed to clients - that is were we becaem aware of the old CA.
There are no certificates that the old CA issued which are still in active use (perhaps besides those gerneated for the domain controllers or something like that). We would like to get rid of the old CA and have the new one fully working. What is the best way to achieve this? Uninstall the old CA as described in https://support.microsoft.com/en-au/help/889250/how-to-decommission-a-windows-enterprise-certification-authority-and-r and then again trying to dspublish the new root? Uninstall both and reinstall the new one? Thanks for any hint.
Best Regards, Stefan Falk