How to reissue certificates after renewing the root CA

Problem:

I renewed the root CA, but my auto-renew certificates have not updated. How do I force this?

Solution:

Open your CA MMC, click on the ‘Certificate Template’ and choose Manage.

Go to the CA type you want to mass re-enroll. Right click on the template and choose ‘renew all certificate holders’. Then wait (1-2 days), or force it by running the below command on all machines:

certutil -pulse

 

Everything should have a new cert.

Manually requested certs will need to be manually requested again. If you need to change any configs manually on systems where you have an auto-enrolled cert, you may want to do the pulse manually, and then update any configs.
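To check the result on a machine, the following PowerShell script (an added example, not part of the original post) runs the pulse and then lists the certificates in the local machine store issued by the renewed CA, marking which ones were issued before the renewal date and have no newer replacement. The issuer name and renewal date are placeholder assumptions; set them for your environment.

```powershell
# Added example: report which machine certificates were reissued after the CA renewal.
# $IssuerMatch and $RenewedOn are placeholders (assumptions), not values from the post.
param(
    [string]   $IssuerMatch = 'CN=Example Issuing CA',  # placeholder issuer name
    [datetime] $RenewedOn   = '2024-01-01'              # placeholder CA renewal date
)

# Extensions that carry the certificate template (v2 template info, v1 template name).
$templateOids = '1.3.6.1.4.1.311.21.7', '1.3.6.1.4.1.311.20.2'

# Trigger autoenrollment now instead of waiting for the next scheduled cycle.
# Enrollment may take a moment; re-run the report if nothing has changed yet.
certutil -pulse | Out-Null

$report = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Issuer -like "*$IssuerMatch*" } |
    ForEach-Object {
        $cert   = $_
        $tplExt = $cert.Extensions |
            Where-Object { $templateOids -contains $_.Oid.Value } |
            Select-Object -First 1
        [pscustomobject]@{
            Subject    = $cert.Subject
            Template   = if ($tplExt) { $tplExt.Format($false) } else { '(none)' }
            NotBefore  = $cert.NotBefore
            NotAfter   = $cert.NotAfter
            Thumbprint = $cert.Thumbprint
            Reissued   = $cert.NotBefore -ge $RenewedOn
        }
    }

$report | Sort-Object Subject, NotBefore | Format-Table -AutoSize

# A certificate is still pending if it predates the renewal and no certificate
# with the same subject has been issued since.
$subjectsDone = $report | Where-Object Reissued |
    Select-Object -ExpandProperty Subject -Unique
$pending = $report |
    Where-Object { -not $_.Reissued -and $subjectsDone -notcontains $_.Subject }

if ($pending) {
    Write-Warning ("{0} certificate(s) issued before {1:d} have no newer replacement yet." -f
        @($pending).Count, $RenewedOn)
}
```

Certificates without a template extension show `(none)` in the Template column; those are the likely candidates for a manual re-request.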
