Installing 3rd party certificate on multiple Server 2008 Active Directory servers

Looking at adding SSL to secure LDAP connections.
Primary need is to have the certificate installed on the Read Only AD server that will have the port opened up to specific IP addresses for hosted services off campus.

But would also like to add the option to the on campus AD servers that many devices connect to, as more of them are now supporting secure connection.

In reading through the Microsoft documentation, I am seeing the following:
The Subject name or the first name in the Subject Alternative Name (SAN) must match the Fully Qualified Domain Name (FQDN) of the host machine, such as Subject:CN=server1.contoso.com

So if I have the following scenario:
ADRO.contoso.com (the read only server)
ADRemote.contoso.com (AD server that will be placed in the DR site)

There will also be a DNS name of LDAP.contoso.com that will point to multiple AD server IP addresses.
There may be another DNS name of LDAPOC.contoso.com that points to the single read only server (with the thought that there may be a 2nd one of these down the road, and wanting a single DNS name that can point to both)

and I would like to put a certificate on all of the servers, the question I have is whether I can do this with a single SAN certificate with all of the desired names, or if this will require separate certificates for each AD server that will break down the naming like:

Certificate #1
With alternate SAN name of DNS record of LDAPOC.contoso.com

Certificate #2
With alternate SAN name of LDAP.contoso.com

Certificate #3
With alternate SAN name of LDAP.contoso.com

Certificate #4
With alternate SAN name of LDAP.contoso.com

Certificate #5
With alternate SAN name of LDAP.contoso.com

Solution

David Johnson, CD, MVP (Owner) commented:
A single SAN certificate with all of the desired names will work fine, or even a wildcard certificate (basically the same thing).
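
The following is an added example, not part of the original question or answer. It shows how the scenario above is put into practice on one domain controller: a certreq request file whose Subject CN is that DC's own FQDN (the rule quoted from the Microsoft documentation) and whose Subject Alternative Name extension carries the shared DNS names LDAP.contoso.com and LDAPOC.contoso.com, followed by a check of what the DC actually serves on port 636. The server name ADRO.contoso.com, the file names ldaps.inf/ldaps.req/ldaps.cer and the function name Get-LdapsCertificate are assumptions for illustration; the CA that issues the request is whatever CA the organisation uses.

```powershell
# Added example (not from the original post). Assumes it is run in an elevated
# PowerShell on the DC named ADRO.contoso.com; the same script with $Fqdn changed
# is repeated on each DC that should offer LDAPS.
$Fqdn     = 'ADRO.contoso.com'                                   # Subject CN = this host's FQDN
$SanNames = @($Fqdn, 'LDAP.contoso.com', 'LDAPOC.contoso.com')   # every name a client may use

# SAN entries go into the 2.5.29.17 extension as '{text}' with one dns= value per name.
$sanLines = ($SanNames | ForEach-Object { "_continue_ = `"dns=$_&`"" }) -join "`r`n"

$inf = @"
[Version]
Signature="`$Windows NT`$"

[NewRequest]
Subject = "CN=$Fqdn"
Exportable = FALSE
KeyLength = 2048
KeySpec = 1
KeyUsage = 0xA0
MachineKeySet = TRUE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
RequestType = PKCS10

[EnhancedKeyUsageExtension]
OID = 1.3.6.1.5.5.7.3.1

[Extensions]
2.5.29.17 = "{text}"
$sanLines
"@

# MachineKeySet=TRUE creates the private key in the computer store, which is where
# the DC looks for a server-authentication certificate; Exportable=FALSE keeps it there.
$inf | Set-Content -Path .\ldaps.inf -Encoding ASCII
certreq -new .\ldaps.inf .\ldaps.req
# Submit ldaps.req to the CA. When the CA returns ldaps.cer, bind it to the pending
# request on this same machine (this is what installs the certificate):
#   certreq -accept .\ldaps.cer

# Verification: open a TLS session to port 636 and return the certificate the DC presents.
function Get-LdapsCertificate {
    param([string]$Server, [int]$Port = 636)
    # Accept any certificate here only so it can be inspected; real clients must validate.
    $cb  = [System.Net.Security.RemoteCertificateValidationCallback]{ param($s, $c, $ch, $e) $true }
    $tcp = New-Object System.Net.Sockets.TcpClient($Server, $Port)
    try {
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $cb)
        $ssl.AuthenticateAsClient($Server)
        New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    } finally {
        $tcp.Close()
    }
}

$cert    = Get-LdapsCertificate -Server $Fqdn
$sanText = ($cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }).Format($true)
"Subject: $($cert.Subject)"
"SAN:`r`n$sanText"
# Each name clients will use must appear in the SAN, otherwise those clients get a name mismatch.
foreach ($name in $SanNames) {
    if ($sanText -notmatch [regex]::Escape($name)) { Write-Warning "SAN is missing $name" }
}
```

Run the request part on each DC in turn, changing only $Fqdn, so every DC has its own CN plus the shared LDAP.contoso.com (and LDAPOC.contoso.com on the read-only DC). Run Get-LdapsCertificate against each of the names clients will actually use (the DC's FQDN and the shared aliases) so that the check exercises the same name the client will see.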
