glennbrown2
asked on
Windows 2003 AD - SSL Certificate Autoenrollment
Hi
What is the best way to prevent the default SSL cert's (for AD replication) being applied to one particular DC in my environment.
I need to install a publicly signed SSL certificate on the DC for authentication purposes (Thawte) and I need to ensure that the domain controller certificate issued to Domain Controllers for replication is not reinstalled through autoenrollment when I delete it and reboot the DC?
I only want to prevent this on one DC.
I have tried various options including installing the Thawte cert, assigning it the server authentication role, assigning the default cert no role (have deleted as well), but as soon as the DC is rebooted, teh default cert takes over again.
Thanks
What is the best way to prevent the default SSL cert's (for AD replication) being applied to one particular DC in my environment.
I need to install a publicly signed SSL certificate on the DC for authentication purposes (Thawte) and I need to ensure that the domain controller certificate issued to Domain Controllers for replication is not reinstalled through autoenrollment when I delete it and reboot the DC?
I only want to prevent this on one DC.
I have tried various options including installing the Thawte cert, assigning it the server authentication role, assigning the default cert no role (have deleted as well), but as soon as the DC is rebooted, teh default cert takes over again.
Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
See http://support.microsoft.com/kb/187498