Hello.
I've noticed that there is an expired certificate in the Certificates(Local Computer)/Personal/Certificates containe on all of the Windows 2008 Domain Controllers at my organization. The expired certificate is a Client Authentication certificate that is derived from our "Workstation Authentication" template. There is also a Client Authentication certificate derived from the "Domain Controller Authentication" template that is up to date. We do have auto enrollment enabled, that should automatically renew expiring certificates using our Microsoft PKI.
I looked on my Windows 2003 domain controllers and they don't have the "Workstation Authentication" certificate at all, just the Domain Controller Authentication certificate.
My thinking is the expired Workstatoin Authentication certificate is a relic from before the domain controller was promoted to a DC. After it was promoted the Workstation Authentication certificate was no longer required and therefore doesn't get renewed. Is this correct? If so can I just delete the expired certificate off of my Domain Controllers.
Even with the expired certificate everything appears to be working, however my event logs are full of warnings about the expired cert.
My DCs are Windows 2008 SP2. The PKI is Windows 2008 R2 SP1.
Any help would be apreciated.
Craig.