Solved

Installing 3rd party certificate on multiple Server 2008 Active Directory servers

Posted on 2012-03-20
1
454 Views
Last Modified: 2012-08-13
Looking at adding SSL to secure LDAP connections.
Primary need is to have the certificate installed on the Read Only AD server that will have the port opened up to specific IP addresses for hosted services off campus.

But would also like to add the option to the on campus AD servers that many devices connect to, as more of them are now supporting secure connection.

In reading through the Microsoft documentation, I am seeing the following:
The Subject name or the first name in the Subject Alternative Name (SAN) must match the Fully Qualified Domain Name (FQDN) of the host machine, such as Subject:CN=server1.contoso.com


So if I have the following scenario:
ADRO.contoso.com (the read only server)
AD1.contoso.com
AD2.contoso.com
ADVM.contos.com
ADRemote.contoso.com (AD server that will placed in DR site)

There will also be a DNS name of LDAP.contoso.com that will point to multiple AD server IP addresses.
There may be another DNS name of LDAPOC.contoso.com that points to the single read only server (with the thought that there may be a 2nd one of these down the road, and wanting a single DNS name that can point to both)

and I would like to put a certificate on all of the servers, the question I have is whether I can do this with a single SAN certificate with all of the desired names, or if this will require separate certificates for each AD server that will break down the naming like:

Certificate #1
Subject:CN=ADRO.contoso.com
With altenate SAN name of DNS record of LDAPOC.contoso.com

Certicate #2
Subject:CN=AD1.contoso.com
With alternate SAN name of LDAP.contoso.com

Certificate #3
Subject:CN=AD2.contoso.com
With alternate SAN name of LDAP.contoso.com

Certificate #4
Subject:CN=ADVM.contoso.com
With alternate SAN name of LDAP.contoso.com

Certificate #5
Subject:CN=ADRemote.contoso.com
With alternate SAN name of LDAP.contoso.com
0
Comment
Question by:pifer-grinnell-edu
1 Comment
 
LVL 78

Accepted Solution

by:
David Johnson, CD, MVP earned 500 total points
ID: 37745863
single SAN certificate with all of the desired names will work fine or even a wildcard certificate (basically the same thing)
0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
Synchronize a new Active Directory domain with an existing Office 365 tenant
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…

914 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now