Windows 2003 AD - SSL Certificate Autoenrollment

glennbrown2 asked on
Windows Server 2003, Active Directory

What is the best way to prevent the default SSL certs (for AD replication) being applied to one particular DC in my environment?

I need to install a publicly signed SSL certificate on the DC for authentication purposes (Thawte) and I need to ensure that the domain controller certificate issued to Domain Controllers for replication is not reinstalled through autoenrollment when I delete it and reboot the DC.

I only want to prevent this on one DC.  

I have tried various options including installing the Thawte cert, assigning it the server authentication role, assigning the default cert no role (have deleted as well), but as soon as the DC is rebooted, the default cert takes over again.
