Microsoft CA Server

All SME

I have a question: if I want to set up certificates on AD, where all computers and servers joined to the domain will automatically generate a cert that is also set to expire if the computer is not on the domain for some time, what would be the best way to go about that? I also want to use the same cert for Cisco Wireless Access Points to handle authentication on TACACS, which means that I also want the ability to generate certificates for Linux devices. Also, I want the ability to run PKI encryption on Outlook. Lots of requirements, and I am hoping an all-in-one solution can handle this. Thanks for reading.
WooYing Asked:
arnold Commented:
A certificate has a fixed validity period (1, 2, 3 years, up to the current validity of the CA certificate).
A certificate will not auto-expire or be auto-cancelled if the server is off for an extended period of time. In AD, the server credentials to access AD domain resources expire after the tombstone period (90-180 days, depending on your settings).

In the above links, look at the certificate revocation list (CRL) setup. This will allow you, via the CA administration, to revoke a certificate, which you need in order to prevent users/systems from accessing wifi.
0
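The revocation workflow described in the comment above, as an added example that is not part of the original thread: it finds computer accounts that have not logged on to the domain recently, revokes the certificates the CA issued to them, and publishes a new CRL. The 90-day threshold, the dry-run switch and the assumption that certificates were autoenrolled by the machine account (so the CA records `DOMAIN\HOST$` as requester) are choices made here, not taken from the thread.

```powershell
# Added example. Run in an elevated session on the CA server as a CA administrator.
# Requires the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

$StaleDays = 90      # assumed threshold, pick your own
$DryRun    = $true   # set to $false to actually revoke

$cutoff  = (Get-Date).AddDays(-$StaleDays)
$netbios = (Get-ADDomain).NetBIOSName

# LastLogonDate is derived from lastLogonTimestamp, which can lag by up to about
# 14 days, so treat the threshold as approximate.
$stale = Get-ADComputer -Filter * -Properties LastLogonDate |
    Where-Object { $_.LastLogonDate -and $_.LastLogonDate -lt $cutoff }

$revoked = 0
foreach ($c in $stale) {
    # Assumption: the certificate was requested by the machine account
    # (autoenrollment), so the CA database holds DOMAIN\HOST$ as requester.
    # Disposition 20 = issued (not yet revoked).
    $restrict = "RequesterName=${netbios}\$($c.SamAccountName),Disposition=20"
    $rows = certutil -view -restrict $restrict -out "SerialNumber,NotAfter" csv |
        Select-Object -Skip 1 |
        ConvertFrom-Csv -Header Serial, NotAfter |
        Where-Object { $_.Serial -match '^[0-9a-fA-F]+$' }   # keep data rows only

    foreach ($r in $rows) {
        if ($DryRun) {
            Write-Output "Would revoke $($r.Serial) ($($c.Name), expires $($r.NotAfter))"
        } else {
            # Reason code 5 = cessation of operation
            certutil -revoke $r.Serial 5
            $revoked++
        }
    }
}

# Clients only see a revocation after a new CRL is published and they fetch it.
if ($revoked -gt 0) { certutil -CRL }
```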
btan (Exec Consultant) Commented:
Another thing worth mentioning and considering is the use of OCSP, which is to ease the tardiness of CRL checks ...
http://technet.microsoft.com/en-us/library/cc731001.aspx

A slightly old article from Cisco on ACS and MS CA, also with autoenrollment:
http://www.cisco.com/en/US/products/ps10315/products_configuration_example09186a0080b4cdb9.shtml
0
Windows Server 2008
