Windows 10: Standalone, workgroup Root CA Replacement

Discus and support Standalone, workgroup Root CA Replacement in Windows 10 Gaming to solve the problem; I have a Server 2008 Root CA that is in Workgroup mode. It's usually powered off but does have a NIC that is connected when it powers on every few... Discussion in 'Windows 10 Gaming' started by Mathew Dsa, Feb 19, 2023.

  1. MATHEW DSA
    Mathew Dsa Win User

    Standalone, workgroup Root CA Replacement


    I have a Server 2008 Root CA that is in Workgroup mode. It's usually powered off but does have a NIC that is connected when it powers on every few months for Windows updates. If I use the steps that are available for migrating a CA to a new 2019 server, do I need to still perform the step to uninstall the CA role given that the old Root CA has never been on the Domain? The plan is to build the new CA with the same machine name and also have it stay Workgroup. Thanks very much.

    :)
     
    Mathew Dsa, Feb 19, 2023
    #1
  2. MONIKAMIśNIAKIEWICZ
    MonikaMiśniakiewicz Win User

    Symbian^3 preinstalled root CA

    Hello,

    could you help me to get the list of preinstalled root CA on Symbian^3 devices?

    The problem is that I have no access to the device.

    Best regards,

    Monika
     
    MonikaMiśniakiewicz, Feb 19, 2023
    #2
  3. RYAN V. ARGOTA
    Ryan V. Argota Win User
    CA root and SUB CA for MS2016and2019

    hi,

    thank you for your time reading my question.

    I'm on the stage of putting up a sub CA under MS Server 2019 but my Root CA is hosted under MS server 2016, is there any issue or incompatibility when provisioning this approach.
     
    Ryan V. Argota, Feb 19, 2023
    #3
  4. GRAWITY
    grawity Win User

    Standalone, workgroup Root CA Replacement

    Accept self-signed certificate system-wide without installing as root CA

    If the server is under your control:

    1. Create an actual root CA (e.g. with easy-rsa or Xca or Windows Server CA role).
    2. Replace the self-signed server certificate with one issued by your custom CA.
    3. Make sure the certificate you just issued is actually marked as a "leaf" / "end-entity" certificate. Look for the "X.509v3 Basic Constraints" extension – it must be present and say "CA: FALSE".
    4. Install the custom CA's root certificate into your computer.
    5. Safely store the CA private key so that it's only accessible whenever you need to issue a new cert.

    As the server's certificate contains "Basic Constraints: CA: FALSE", it will not be able to issue new certificates using just its own key.

    (The reason you need the CA to be separate is because directly installing the server's self-signed certificate into the "Trusted CA" folder may cause the system to ignore Basic Constraints – after all, it's installed as an authority. Separation avoids this problem, because you can safeguard the root CA keys.)

    As a bonus feature, you won't need to re-trust the server certificate when it expires or when its name changes – just use the same root CA to issue a new cert.
     
    grawity, Feb 19, 2023
    #4
Thema:

Standalone, workgroup Root CA Replacement

Loading...

  1. Standalone, workgroup Root CA Replacement - Similar Threads - Standalone workgroup Root

  2. Standalone, workgroup Root CA Replacement

    in Windows 10 Software and Apps
    Standalone, workgroup Root CA Replacement: I have a Server 2008 Root CA that is in Workgroup mode. It's usually powered off but does have a NIC that is connected when it powers on every few months for Windows updates. If I use the steps that are available for migrating a CA to a new 2019 server, do I need to still...

  3. Error enrolling certificates from our Enterprise Root CA - Some Servers and Some...

    in Windows 10 Customization
    Error enrolling certificates from our Enterprise Root CA - Some Servers and Some...: Error enrolling certificates from our Enterprise Root CA - Some Servers and Some Certificates onlyThe generic error is:Certificate enrollment for Local system failed to enroll for a DomainControllerAuthentication certificate with request ID N/A from BRRJ1-SRV0024.qgog.ad\CA...

  4. Enterprise root CA recommendation

    in Windows 10 Gaming
    Enterprise root CA recommendation: Hi guys,I am fairly new to PKI so have some basic question about enterprise two tier PKI .Let's say we have root server, which is not the member of domain and normally stay powered down until we need to renew intermediate CA certificate.Does Microsoft recommend root server as...

  5. Enterprise root CA recommendation

    in Windows 10 Software and Apps
    Enterprise root CA recommendation: Hi guys,I am fairly new to PKI so have some basic question about enterprise two tier PKI .Let's say we have root server, which is not the member of domain and normally stay powered down until we need to renew intermediate CA certificate.Does Microsoft recommend root server as...

  6. Removal of the U.S. Federal Common Policy CA certificate from the Microsoft trusted root

    in Windows 10 Gaming
    Removal of the U.S. Federal Common Policy CA certificate from the Microsoft trusted root: Re this notice.Does this mean that everyone's PC must install the G2 protocol? Or is it for Windows servers only?How does this work for people OUTSIDE the US accessing US services / servers and for Servers situated outside the US but sometimes serving US customers?...

  7. Removal of the U.S. Federal Common Policy CA certificate from the Microsoft trusted root

    in Windows 10 Software and Apps
    Removal of the U.S. Federal Common Policy CA certificate from the Microsoft trusted root: Re this notice.Does this mean that everyone's PC must install the G2 protocol? Or is it for Windows servers only?How does this work for people OUTSIDE the US accessing US services / servers and for Servers situated outside the US but sometimes serving US customers?...

  8. Toxic Root-CA certificates of WoSign and StartCom are still active in Windows 10

    in AntiVirus, Firewalls and System Security
    Toxic Root-CA certificates of WoSign and StartCom are still active in Windows 10: The root-CA certificates of WoSign and StartCom should be removed by Microsoft in 2017 due to their notoriety i.e. issuing fake/backdating certificates etc.. I am using Windows 10 Education Version 2004; OS build 19041.804, and at `certmgr.msc` I just saw that their...

  9. Root CA certificate automatically added to local machine without internet connection

    in AntiVirus, Firewalls and System Security
    Root CA certificate automatically added to local machine without internet connection: On a fresh installed Windows 10 in virtual environment, that is disconnected from the internet by disabling the virtual network adapter, new root CA certificate is automatically added to the local machine trusted root certificate authorities after viewing the digital...

  10. "Suspicious Root CA" detection by Zemana AntiLogger

    in AntiVirus, Firewalls and System Security
    "Suspicious Root CA" detection by Zemana AntiLogger: I recently got a free premium licence of zemana antilogger from 'sharewareonsale.com', and run my first scan. From scan result I got three 'Suspicious Root CA' detection in 'HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\'...Zemana want to delete this registry...