From 5403c39c207c97a4a95f0d18fb8ae0dbfc04f2f3 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Wed, 21 Dec 2022 16:50:51 -0500
Subject: [PATCH] updates
---
.../hello-hybrid-key-trust-validate-pki.md | 6 +-----
1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-validate-pki.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-validate-pki.md
index a7201bc0f1..eeeb654fb8 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-validate-pki.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-validate-pki.md
@@ -61,7 +61,6 @@ If you don't have an existing PKI, review [Certification Authority Guidance](/pr
Expand the following sections to configure the PKI for Windows Hello for Business.
-
Configure domain controller certificates
@@ -103,9 +102,8 @@ Sign in to a CA or management workstations with *Domain Administrator* equivalen
-
-Supersede existing domain controller certificates
+Supersede existing domain controller certificates
The domain controllers may have an existing domain controller certificate. The Active Directory Certificate Services provides a default certificate template for domain controllers called *domain controller certificate*. Later releases of Windows Server provided a new certificate template called *domain controller authentication certificate*. These certificate templates were provided prior to the update of the Kerberos specification that stated Key Distribution Centers (KDCs) performing certificate authentication needed to include the *KDC Authentication* extension.
@@ -134,7 +132,6 @@ The certificate template is configured to supersede all the certificate template
-
Unpublish Superseded Certificate Templates
@@ -151,7 +148,6 @@ Sign in to the CA or management workstation with *Enterprise Administrator* equi
-
Publish certificate templates to the CA