The certification authority does not by default revoke certificates for devices when they are unregistered. You must give the host computer for the Centrify Connector the "Issue and Manage Certificates" permission in the certification authority server to revoke certificates.
Note: You must grant this permission in the certification authority for the host computer for each of your Centrify Connectors.
To enable certification authority to revoke certificates when devices are unregistered:
- Launch certsrv.msc or the Certificate Authority console on the Windows server with the certification authority installed.
- Right-click the certification authority and click Properties.
- Click the Security tab.
Click the Add button and select the host computer for the Centrify Connector.
Make sure the “Computer” object type is selected (click Object Types and select Computers) and enter the first few characters of the computer name as the search filter in the Check Names field.
Select the computer and click OK.
- Select the computer from the Group or user names list and set the Issue and Manager Certificates permission to Allow.
- Click OK.
- Repeat this procedure for all of your connector host computers.