Microsoft CA Server


I have a question: if I want to set up certificates on AD, where all computers and servers joined to the domain will automatically generate a cert that is also set to expire if the computer is not on the domain for some time, what would be the best way to go about that? I also want to use the same cert for Cisco Wireless Access Points to handle authentication on TACACS, which means that I also want the ability to generate certificates for Linux devices. Also, I want the ability to run PKI encryption on Outlook. Lots of requirements, and I am hoping an all-in-one solution can handle this. Thanks for reading.
A certificate has a fixed validity period (1, 2, 3 years, up to the current validity of the CA certificate).
A certificate will not auto-expire or be auto-cancelled if the server is off for an extended period of time. In AD, the server credentials to access AD domain resources expire after the tombstone period (90-180 days), depending on your settings.

In the above links, look at the certificate revocation list (CRL) setup. This will allow you, via the CA administration, to revoke a certificate, which you need to prevent users/systems from accessing wifi.
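
Added example, not part of the original answers: a throwaway OpenSSL CA standing in for the Microsoft CA (all names and files are made up) that shows a revoked certificate is still accepted until the relying party checks a current CRL. The cached-CRL case is the delay that OCSP, mentioned in the next comment, is meant to shorten.

```shell
# Constructed lab: throwaway CA in a temp dir. All names and files are made up.
verdict() {  # what a relying party decides for host.pem under the given options
  if openssl verify -CAfile ca.pem "$@" host.pem >/dev/null 2>&1
  then echo accepted; else echo rejected; fi
}

revocation_demo() (
  d=$(mktemp -d) && cd "$d" || exit 1
  mkdir certs && : > index.txt && echo 1000 > serial && echo 1000 > crlnumber
  cat > ca.cnf <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[ ca ]
default_ca = lab
[ lab ]
database = index.txt
new_certs_dir = certs
serial = serial
crlnumber = crlnumber
certificate = ca.pem
private_key = ca.key
default_md = sha256
default_days = 30
default_crl_days = 7
policy = pol
[ pol ]
commonName = supplied
EOF
  req() { openssl req -config ca.cnf -newkey rsa:2048 -nodes "$@" >/dev/null 2>&1 || exit 1; }
  ca() { openssl ca -config ca.cnf -batch "$@" >/dev/null 2>&1 || exit 1; }
  req -x509 -days 90 -subj "/CN=Lab Issuing CA" -keyout ca.key -out ca.pem
  req -subj "/CN=linux-host.example.test" -keyout host.key -out host.csr
  ca -notext -in host.csr -out host.pem   # issue the host certificate
  ca -gencrl -out old.crl                 # CRL published before the revocation
  echo "valid cert, CRL checked: $(verdict -crl_check -CRLfile old.crl)"
  ca -revoke host.pem                     # the CA admin revokes the certificate
  ca -gencrl -out new.crl                 # ...and publishes a fresh CRL
  echo "revoked, no CRL check: $(verdict)"
  echo "revoked, cached old CRL: $(verdict -crl_check -CRLfile old.crl)"
  echo "revoked, fresh CRL: $(verdict -crl_check -CRLfile new.crl)"
  cd / && rm -rf "$d"
)

revocation_demo
```

Only the last case rejects the certificate, so the wireless or RADIUS/TACACS side must be configured to fetch and enforce the current CRL for a revocation to have any effect.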
btan commented:
Another thing worth mentioning and considering is the use of OCSP, which is to ease the tardiness of CRL checks ...

Slightly old article from Cisco on ACS and MS CA, also with autoenrollment
Question has a verified solution.
