We have noticed that we have a ton of certificates that were made by the Cross Certificate Temple. I am not even sure how they are getting made but is there a way to stop them and if so can we just delete them without harming anything? We only have one Root CA and one Sub CA. and only one domain.
So how can I stop them from being made and if I delete them will it harm anything?
Well I found out how they got created. Once you update the cert with a new key pair and your old cert has not expired, the root CA will then create Cross Certificates which will allow a cert to be created using either the old cert or the new cert. Now just to figure out how to remove them or just let the old cert expire and hopefully they will go away.