WooYing
asked on
Microsoft CA Server
All SME
I have a question: if I want to set up certificates on AD, where all computers and servers joined to the domain will automatically generate a cert that is also set to expire if the computer is not on the domain for some time, what would be the best way to go about that? I also want to use the same cert for Cisco Wireless Access Points to handle authentication on TACACS, which means that I also want the ability to generate certificates for Linux devices. Also, I want the ability to run PKI encryption on Outlook. Lots of requirements, and I am hoping an all-in-one solution can handle this. Thanks for reading.
A certificate will not auto-expire or be auto-cancelled if the server is off for an extended period of time. In AD, the server credentials to access AD domain resources expire after the tombstone period (90-180 days), depending on your settings.
In the above links, look at the certificate revocation list (CRL) setup. This will allow you, via the CA administration, to revoke a certificate, which you need to prevent users/systems from accessing wifi.
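
Added example, not part of the original thread: since certificates do not lapse on their own when a machine goes quiet, the PowerShell sketch below finds computer accounts inactive in AD and revokes their issued certificates on the CA, then publishes a new CRL. It assumes it runs on the issuing Microsoft CA as a CA administrator, that the RSAT ActiveDirectory module is installed, and that machine certificates were autoenrolled so the requester is `DOMAIN\HOST$`; the 90-day threshold and the `-Revoke` switch are choices made for this example.

```powershell
# Added example: revoke machine certificates for computers inactive in AD.
# Assumptions: run on the issuing CA by a CA administrator, RSAT ActiveDirectory
# module installed, machine certs autoenrolled (requester name = DOMAIN\HOST$).
param(
    [int]$StaleDays = 90,   # inactivity threshold (constructed default)
    [switch]$Revoke         # without this switch the script only reports
)
Import-Module ActiveDirectory

$netbios = (Get-ADDomain).NetBIOSName
# Inactivity is judged from lastLogonTimestamp, which replicates with up to
# about two weeks of lag, so keep the threshold well above that.
$stale = Search-ADAccount -AccountInactive -ComputersOnly `
             -TimeSpan (New-TimeSpan -Days $StaleDays)

$revoked = 0
foreach ($computer in $stale) {
    $requester = "$netbios\$($computer.SamAccountName)"   # e.g. EXAMPLE\PC01$
    # Disposition=20 limits the view to issued (not yet revoked) certificates.
    $rows = certutil -view -restrict "RequesterName=$requester,Disposition=20" `
                -out "SerialNumber" csv
    # Keep only lines that are a hex serial; this skips the header and status text.
    $serials = $rows | ForEach-Object { $_.Trim().Trim('"') } |
               Where-Object { $_ -match '^[0-9a-fA-F]{8,}$' }

    foreach ($serial in $serials) {
        if ($Revoke) {
            certutil -revoke $serial 5 | Out-Null   # 5 = CessationOfOperation
            if ($LASTEXITCODE -eq 0) { $revoked++ }
            else { Write-Warning "Revocation failed for $serial ($requester)" }
        } else {
            Write-Output "Would revoke $serial issued to $requester"
        }
    }
}

if ($revoked -gt 0) {
    certutil -CRL | Out-Null   # publish a new CRL so relying parties can see it
    Write-Output "Revoked $revoked certificate(s) and published a new CRL."
}
```

Authentication servers keep using a cached CRL until it expires, so a revocation only takes effect once they fetch the new one. Reason code 6 (certificate hold) can be used instead of 5 when the revocation may need to be undone.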