Vision_Globale
asked on
Should I have any concern before installing Active Directory Certificate Services in my forest?
Hi,
I was asked to install ADCS to enable authentication for a project that needs LDAP integration using PicketLink (Import a certificate for LDAPS authentication).
I have no experience with that role (ADCS) and consequence on the forest, it's certificates etc...
My question is, should I have any concerns while installing that role vs Active Directory?
Thank you.
Dany
VG
I was asked to install ADCS to enable authentication for a project that needs LDAP integration using PicketLink (Import a certificate for LDAPS authentication).
I have no experience with that role (ADCS) and consequence on the forest, it's certificates etc...
My question is, should I have any concerns while installing that role vs Active Directory?
Thank you.
Dany
VG
Installing ADCS poses no risk to AD. It's worth it though to take the time to thoroughly consider how you want things set up if you're going to deploy a full blown PKI. For example if you wanted to maintain an offline standalone root, multiple issuing CAs, etc. You can certainly have just a single CA for small environments.
ASKER
Hi Footech,
Thanx for the fast reply! Well, we don't need a full blown PKI (I am not sure what it practically means), but I get it, I have to do my home work first. For now, we are looking at generating basic cert for auth (ldaps) for an internal website.
Anyways, thank you for the info.
Dany
Thanx for the fast reply! Well, we don't need a full blown PKI (I am not sure what it practically means), but I get it, I have to do my home work first. For now, we are looking at generating basic cert for auth (ldaps) for an internal website.
Anyways, thank you for the info.
Dany
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Going to install the role on a member server, trying to avoid a DC for such a role.
Will there be an impact (revocation...) on the certificates already use by domain machines, exchange, services for unix etc... Or it's business as usual and from now on, we can issue certs with no problems?
Thanx,
Dan
Will there be an impact (revocation...) on the certificates already use by domain machines, exchange, services for unix etc... Or it's business as usual and from now on, we can issue certs with no problems?
Thanx,
Dan
Business as usual. Installing a CA and issuing certs from it has no impact on existing certs from other CAs or self-signed ones.
ASKER
Footech, Thanks a lot appreciate the feedback!
Dan
Dan