Solved

Should I have any concern before installing Active Directory Certificate Services in my forest?

Posted on 2014-12-12
6
92 Views
Last Modified: 2014-12-16
Hi,

I was asked to install ADCS to enable authentication for a project that needs LDAP integration using PicketLink (Import a certificate for LDAPS authentication).

I have no experience with that role (ADCS) and consequence on the forest, it's certificates etc...

My question is, should I have any concerns while installing that role vs Active Directory?

Thank you.

Dany
VG
0
Comment
Question by:Vision_Globale
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 40

Expert Comment

by:footech
ID: 40497086
Installing ADCS poses no risk to AD.  It's worth it though to take the time to thoroughly consider how you want things set up if you're going to deploy a full blown PKI.  For example if you wanted to maintain an offline standalone root, multiple issuing CAs, etc.  You can certainly have just a single CA for small environments.
0
 

Author Comment

by:Vision_Globale
ID: 40500857
Hi Footech,

Thanx for the fast reply! Well, we don't need a full blown PKI (I am not sure what it practically means), but I get it, I have to do my home work first. For now, we are looking at generating basic cert for auth (ldaps) for an internal website.

Anyways, thank you for the info.

Dany
0
 
LVL 40

Accepted Solution

by:
footech earned 500 total points
ID: 40501462
Yeah, it is a nebulous concept, even in my head.  I guess I generally think of a full blown PKI as any setup which has multiple CAs, as that's a fair indication that some thought has gone into it and the setup reflects best practices.  However, as you may know small environments tend to live in a gray area as far as best practices are concerned.  It may be great to have separate servers for each individual role and have redundancies, etc, but that's not always practical.  So in small environments you may just rely on a single enterprise (as opposed to standalone) CA.

You can install the AD CS role on any member server or even a DC.  You can't rename a server with AD CS installed.  It's no problem to uninstall AD CS either, you just have to be aware any certificates that have been issued and how you're going to manage those.
0
Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

 

Author Comment

by:Vision_Globale
ID: 40501535
Going to install the role on a member server, trying to avoid a DC for such a role.

Will there be an impact (revocation...) on the certificates already use by domain machines, exchange, services for unix etc... Or it's business as usual and from now on, we can issue certs with no problems?

Thanx,

Dan
0
 
LVL 40

Expert Comment

by:footech
ID: 40501556
Business as usual.  Installing a CA and issuing certs from it has no impact on existing certs from other CAs or self-signed ones.
0
 

Author Comment

by:Vision_Globale
ID: 40501612
Footech, Thanks a lot appreciate the feedback!

Dan
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Color can increase conversions, create feelings of warmth or even incite people to get behind a cause. If you want your website to really impact site visitors, then it is vital to consider the impact color has on them.
There’s a good reason for why it’s called a homepage – it closely resembles that of a physical house and the only real difference is that it’s online. Your website’s homepage is where people come to visit you. It’s the family room of your website wh…
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question