Windows 2003 AD - SSL Certificate Autoenrollment
Posted on 2007-07-20
What is the best way to prevent the default SSL certs (for AD replication) being applied to one particular DC in my environment?
I need to install a publicly signed SSL certificate on the DC for authentication purposes (Thawte) and I need to ensure that the domain controller certificate issued to Domain Controllers for replication is not reinstalled through autoenrollment when I delete it and reboot the DC.
I only want to prevent this on one DC.
I have tried various options including installing the Thawte cert, assigning it the server authentication role, assigning the default cert no role (have deleted as well), but as soon as the DC is rebooted, the default cert takes over again.