Solved

Should I have any concern before installing Active Directory Certificate Services in my forest?

Posted on 2014-12-12
Last Modified: 2014-12-16
Hi,

I was asked to install ADCS to enable authentication for a project that needs LDAP integration using PicketLink (Import a certificate for LDAPS authentication).

I have no experience with that role (ADCS) and its consequences on the forest, its certificates, etc.

My question is, should I have any concerns while installing that role vs Active Directory?

Thank you.

Dany
Question by:Vision_Globale
6 Comments
 
LVL 41

Expert Comment

by:footech
ID: 40497086
Installing ADCS poses no risk to AD.  It's worth it though to take the time to thoroughly consider how you want things set up if you're going to deploy a full blown PKI.  For example if you wanted to maintain an offline standalone root, multiple issuing CAs, etc.  You can certainly have just a single CA for small environments.
 

Author Comment

by:Vision_Globale
ID: 40500857
Hi Footech,

Thanks for the fast reply! Well, we don't need a full blown PKI (I am not sure what it practically means), but I get it, I have to do my homework first. For now, we are looking at generating a basic cert for auth (LDAPS) for an internal website.

Anyways, thank you for the info.

Dany
 
LVL 41

Accepted Solution

by:
footech earned 1500 total points
ID: 40501462
Yeah, it is a nebulous concept, even in my head.  I guess I generally think of a full blown PKI as any setup which has multiple CAs, as that's a fair indication that some thought has gone into it and the setup reflects best practices.  However, as you may know, small environments tend to live in a gray area as far as best practices are concerned.  It may be great to have separate servers for each individual role and have redundancies, etc., but that's not always practical.  So in small environments you may just rely on a single enterprise (as opposed to standalone) CA.

You can install the AD CS role on any member server or even a DC.  You can't rename a server with AD CS installed.  It's no problem to uninstall AD CS either, you just have to be aware of any certificates that have been issued and how you're going to manage those.
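The points in the accepted answer (a single enterprise CA on a member server, a computer name that cannot change afterwards, and keeping track of issued certificates before any uninstall), written out in PowerShell. This is an added example, not part of the original thread; the CA common name, key length, hash algorithm, validity period and output file path are assumptions.

```powershell
# Added example: single enterprise root CA on a domain-joined member server.
# Run in an elevated session with Enterprise Admins rights.
# $caName, key/hash/validity values and the CSV path are assumptions for illustration.

$caName = 'Example-Enterprise-CA'   # hypothetical CA common name

# 1. Stop if the host is not domain-joined or is a domain controller.
#    Win32_ComputerSystem.DomainRole: 3 = member server, 4/5 = domain controller.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
if (-not $cs.PartOfDomain) { throw 'An enterprise CA requires a domain-joined server.' }
if ($cs.DomainRole -ge 4)  { throw 'This host is a domain controller; use a member server.' }

# 2. The server cannot be renamed while AD CS is installed, so confirm the name now.
Write-Host "The CA will be tied to computer name: $($cs.DNSHostName).$($cs.Domain)"

# 3. Record the certificates this machine already uses. Comparing this list after
#    the install shows whether existing certificates were left untouched.
Get-ChildItem -Path Cert:\LocalMachine\My |
    Select-Object Subject, Issuer, NotAfter, Thumbprint |
    Export-Csv -Path "$env:TEMP\certs-before-adcs.csv" -NoTypeInformation

# 4. Install the role, then configure it as an enterprise root CA.
Install-WindowsFeature -Name ADCS-Cert-Authority -IncludeManagementTools
Install-AdcsCertificationAuthority -CAType EnterpriseRootCA `
    -CACommonName $caName `
    -KeyLength 2048 -HashAlgorithmName SHA256 `
    -ValidityPeriod Years -ValidityPeriodUnits 5

# 5. Before any later uninstall, list what the CA has issued
#    (Disposition 20 = issued) so those certificates can be replaced or revoked.
certutil -view -restrict 'Disposition=20' `
    -out 'RequestID,RequesterName,CommonName,NotAfter,CertificateTemplate' csv
```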

Author Comment

by:Vision_Globale
ID: 40501535
Going to install the role on a member server, trying to avoid a DC for such a role.

Will there be an impact (revocation...) on the certificates already in use by domain machines, Exchange, Services for Unix, etc.? Or is it business as usual and from now on we can issue certs with no problems?

Thanks,

Dan
 
LVL 41

Expert Comment

by:footech
ID: 40501556
Business as usual.  Installing a CA and issuing certs from it has no impact on existing certs from other CAs or self-signed ones.
 

Author Comment

by:Vision_Globale
ID: 40501612
Footech, thanks a lot, appreciate the feedback!

Dan