SOLVED: Should You Power Off Your Root Certificate Authority? – Up & Running Inc – Tech How To's

Home
How To’s
- Windows 11 & Windows 10Windows 2000, XP, Vista, 7 and more How Tos
- Windows Serverwindows 2003, 2008, R2 how tos
- Microsoft 365, Azure & HostingHelp with Office 365 Issues
- Office: Word, Excel, Outlook…Office Apps like Word, Excel, Visio, Outlook, Project, Powerpoint, 2003, 2007 and 2010
- Mobile: Android, Samsung, LGBlackberry, BES, and BIS news and how tos
- Microsoft Exchange ServerExchange 2003, 2007, 2010 how to and demos
- System CenterEndpoint Protection
- JokesThis category is for I.T. relates gags and practical jokes
- Product Reviews & Other TechnologiesOther Technologies like firewalls, VoIP, Skype, Hardware Comparisons and other how tos
Windows 10, 11 & Server
- Windows 11 & Windows 10Windows 2000, XP, Vista, 7, Windows 8 and more How Tos
- Windows Serverwindows 2003, 2008, R2 how tos
Office 365 & Azure
- 25 User FREE Office 365 Trial
- Office365 & Azure HelpHelp with Office 365 Issues
IT Business News
YouTube Channel
Contact
- Discount Hosting
- On Site SupportHARDWARE & SOFTWARE We have found that most customers are tired of the excuses from ICT vendors… “… it’s the softwares fault” “…it’s Dell’s fault”. Fault is not important when you are having problems… getting it fixed is. We typically take end to end responsibily for anything that plugs into the wall, from desktops and laptops, to photocopiers and phone systems… it’s all our problem. Server hardware Server Software (like Exchange, Server 2008, Print Sharing, Sharepoint, Dynamics…) Desktops (from any vendor, IBM/Lenovo, Dell, Toshiba, White box…) Laptops Switches and Firewalls (from any vendor, like Dlink, Cisco, Linksys, FortiNet, Netgear…) Uninteruptable Power Supplies (UPS) network, phone and electrical cabling land line systems (like Nortel, Avaya and Toshiba) photocopiers (like Xerox, Kyocera, Mita, Canon, Toshiba…) cell phones Blackberry’s Blackberry Enterprise Server and even the Apple Mac’s… we handle it all CONTRACT MANAGEMENT & NEGOTIATIONS Many companies simply take the “rack rate” on their purchases and leases. We are skilled and experienced at managing and renegotiating all sorts of contracts. Cell contracts will Telus, Bell, Rogers… are often Service contracts with photocopy companies Land Line contracts with Bell, Telus, Rogers, All-stream Evergreen renewals and sooo much more We can reduce your costs and increase…
- Computer Recycling
- Hardware & SoftwareNEW HARDWARE & SOFTWARE We sell and support all of the ‘Tier 1′ and ‘Tier 2′ brands. Toshiba, HP, Dell, Samsung, Logitech, Lenovo, Intel, AMD, Colubris, AOC, Kingston, Microsoft, Symantec, Kaspersky, McAfee and on and on… HARDWARE REPAIR AND UPGRADE We will support, repair, and upgrade hardware from any brand or manufacturer. From Dell to Toshiba, to Lenovo/IBM we service it all. Up & Running will also perform a security wipe and dispose of your old hardware, networking equipment and software to all firms in the Calgary Region. DATA RECOVERY Our qualified technicians provide full data recovery from failed or deleted hard drives and memory sticks for anyone in Southern Alberta.
- Privacy Policy
Search for:

Most companies create a root certificate authority in their windows network and then treat it like any other server. We mean that they leave it running all the time, patch it monthly and make sure that it is functional properly. However, it was certainly best practice years ago to leave your root CA powered off, only starting it up twice a year to:

root certificate authority with lock

patch the operating system
sync a new CRL (Certificate Revocation List)

Today come up one of our newer technicians ask the question, is it still best practice to power off certificate authorities because he had never seen it before.

we thought it was a good question so we asked Microsoft and here is what they told us:

Yes, it is still considered best practice to keep a Windows Root Certification Authority (CA) offline most of the time. This practice enhances security by minimizing the risk of the root CA being compromised. The root CA is typically only powered on when necessary, such as for issuing or renewing certificates for subordinate CAs

Categories: Business & Tech News

0 Comments

Leave a Reply Cancel reply