  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 377

ROOT CA To Be Generated From AD

We need to generate a certificate in AD for LDAPS. We will then need to import the generated cert into the cert store on a particular server.
We will also need to deploy certs to desktops and other servers. What issues can we expect?
I have viewed the following article, http://technet.microsoft.com/en-us/library/cc772393%28WS.10%29.aspx. Do we just follow the "To set up an enterprise root CA" procedure?
Asked by: ablsysadmin
1 Solution
 
Tasmant Commented:
When deploying an enterprise root CA, the CA public certificate is published into AD and automatically deployed to domain members as a trusted root certificate.
You can duplicate templates and activate autoenrollment to automatically deploy computer/server certificates to your machines.
If Domain Controllers fail to get a certificate, check whether the Domain Controllers group is a member of CERTSVC_DCOM_ACCESS.

Based on your domain hierarchy, you could encounter issues with enrollment. Take a closer look at:
- http://support.microsoft.com/kb/281271/en-us
- http://support.microsoft.com/kb/927066/en-us
- http://support.microsoft.com/kb/961298
 
ablsysadmin (Author) Commented:
Hi, checked all that you requested. Pretty straightforward to install the root CA. Note that all that is required is to enable SSL on AD. Will the installation of the root CA affect anything?
 
Tasmant Commented:
The installation of the CA won't affect anything. The CA will bring new features and capabilities to your network but shouldn't break anything.
 
ablsysadmin (Author) Commented:
Thanks for the quick reply. Will this enable SSL/LDAP automatically?
 
ablsysadmin (Author) Commented:
Hi, I created a copy DC and installed the CA without any issues. LDAPS is enabled. But now if I try to join the domain (test DC) from a test workstation, I am unable to join the domain using NetBIOS. The FQDN domain works 100% but the NetBIOS name fails. Will this influence the NetBIOS authentication as well? I'm thinking of domain authentication being used in services like SQL service start-ups.
 
ablsysadmin (Author) Commented:
Solution found. Going to implement the CA.
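
A way to verify the two points raised in this thread from a domain-joined machine, as an added example that is not part of the original posts: it checks the CERTSVC_DCOM_ACCESS membership Tasmant mentions, then tests whether the DC's LDAPS certificate validates against the machine's trusted roots. The host name `dc01.example.test` is a placeholder, and the script assumes the CA is installed on a DC (so the group is a domain local group) and that the ActiveDirectory PowerShell module is available.

```powershell
# Added example, not from the thread. Run from a domain-joined machine.
param(
    [string]$DcFqdn = 'dc01.example.test',  # placeholder FQDN (assumption): use your own DC
    [int]$Port = 636                        # LDAPS port
)

# Check 1: is the Domain Controllers group a member of CERTSVC_DCOM_ACCESS?
# Assumes the CA runs on a DC, so the group exists in AD as a domain local group.
Import-Module ActiveDirectory
$names = @(Get-ADGroupMember -Identity 'CERTSVC_DCOM_ACCESS' | ForEach-Object { $_.Name })

$result = [ordered]@{
    DomainControllersInDcomGroup = ($names -contains 'Domain Controllers')
    LdapsHandshakeTrusted        = $false
    Subject = $null; Issuer = $null; NotAfter = $null
    HasServerAuthEku = $false; Error = $null
}

# Check 2: LDAPS handshake using the default certificate validation.
# It succeeds only if the DC certificate chains to a root this machine trusts
# (i.e. the enterprise root CA certificate reached this machine) and matches the name.
$tcp = $null; $ssl = $null
try {
    $tcp = New-Object System.Net.Sockets.TcpClient($DcFqdn, $Port)
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
    $ssl.AuthenticateAsClient($DcFqdn)   # throws on untrusted chain or name mismatch
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)

    # An LDAPS certificate needs the Server Authentication EKU (1.3.6.1.5.5.7.3.1).
    $eku = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $oids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })

    $result.LdapsHandshakeTrusted = $true
    $result.Subject  = $cert.Subject
    $result.Issuer   = $cert.Issuer
    $result.NotAfter = $cert.NotAfter
    $result.HasServerAuthEku = ($oids -contains '1.3.6.1.5.5.7.3.1')
}
catch { $result.Error = $_.Exception.Message }   # e.g. port closed, untrusted root
finally {
    if ($ssl) { $ssl.Dispose() }
    if ($tcp) { $tcp.Close() }
}

[pscustomobject]$result
```

Running the same script from a workstation and from a member server shows whether the root CA certificate has reached each of them; a handshake error on only some machines points at trust distribution rather than at the DC certificate itself.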