Solved

Should I have any concern before installing Active Directory Certificate Services in my forest?

Posted on 2014-12-12
Last Modified: 2014-12-16
Hi,

I was asked to install ADCS to enable authentication for a project that needs LDAP integration using PicketLink (Import a certificate for LDAPS authentication).

I have no experience with that role (ADCS) or its consequences for the forest, its certificates, etc.

My question is, should I have any concerns while installing that role vs Active Directory?

Thank you.

Dany
Question by:Vision_Globale
6 Comments
 
LVL 39

Expert Comment

by:footech
ID: 40497086
Installing ADCS poses no risk to AD.  It's worth it though to take the time to thoroughly consider how you want things set up if you're going to deploy a full blown PKI.  For example if you wanted to maintain an offline standalone root, multiple issuing CAs, etc.  You can certainly have just a single CA for small environments.
0
 

Author Comment

by:Vision_Globale
ID: 40500857
Hi Footech,

Thanks for the fast reply! Well, we don't need a full-blown PKI (I am not sure what it practically means), but I get it, I have to do my homework first. For now, we are looking at generating a basic cert for auth (LDAPS) for an internal website.

Anyways, thank you for the info.

Dany
0
 
LVL 39

Accepted Solution

by:
footech earned 500 total points
ID: 40501462
Yeah, it is a nebulous concept, even in my head.  I guess I generally think of a full-blown PKI as any setup which has multiple CAs, as that's a fair indication that some thought has gone into it and the setup reflects best practices.  However, as you may know, small environments tend to live in a gray area as far as best practices are concerned.  It may be great to have separate servers for each individual role and have redundancies, etc., but that's not always practical.  So in small environments you may just rely on a single enterprise (as opposed to standalone) CA.

You can install the AD CS role on any member server or even a DC.  You can't rename a server with AD CS installed.  It's no problem to uninstall AD CS either; you just have to be aware of any certificates that have been issued and how you're going to manage those.
0
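A pre-flight and install sequence for the setup described in the accepted answer (a single enterprise CA on a member server, with the host name fixed once the role is installed), as an added example that is not part of the thread. The CA common name, key length and validity period are assumptions to replace with your own values.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the thread. Run on the server that will host the CA.
$caCommonName = 'Example-Enterprise-CA'   # assumption: placeholder name

# 1. The plan in the thread is a member server, not a DC.
#    Win32_ComputerSystem.DomainRole: 3 = member server, 4 or 5 = domain controller.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
if ($cs.DomainRole -in 4, 5) { throw "$($cs.Name) is a domain controller." }
if ($cs.DomainRole -ne 3)    { throw "$($cs.Name) is not a domain member server." }

# 2. The server cannot be renamed once AD CS is installed, so confirm the name now.
$answer = Read-Host "Host name '$($cs.Name)' becomes permanent for this CA. Continue? (y/n)"
if ($answer -ne 'y') { return }

# 3. Record the certificates already in this machine's store for a later comparison.
$before = Get-ChildItem -Path Cert:\LocalMachine\My |
    Select-Object Thumbprint, Subject, Issuer, NotAfter

# 4. Install the role, then configure a single enterprise root CA.
#    Configuring an enterprise CA requires Enterprise Admins rights.
Install-WindowsFeature -Name ADCS-Cert-Authority -IncludeManagementTools
Install-AdcsCertificationAuthority -CAType EnterpriseRootCA `
    -CACommonName $caCommonName `
    -KeyLength 4096 -HashAlgorithmName SHA256 `
    -ValidityPeriod Years -ValidityPeriodUnits 10 `
    -Confirm

# 5. Verify nothing that was in the store before has disappeared.
$after   = Get-ChildItem -Path Cert:\LocalMachine\My
$missing = $before | Where-Object { $_.Thumbprint -notin $after.Thumbprint }
if ($missing) {
    Write-Warning "Certificates no longer present:"
    $missing | Format-Table Subject, Issuer, NotAfter
} else {
    Write-Host "All $(@($before).Count) pre-existing certificates are still present."
}
```

The comparison in step 5 covers only the local machine store on the CA host; the new CA's own certificate will appear there as an addition.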

Author Comment

by:Vision_Globale
ID: 40501535
Going to install the role on a member server, trying to avoid a DC for such a role.

Will there be an impact (revocation...) on the certificates already used by domain machines, Exchange, Services for UNIX, etc.? Or is it business as usual and from now on, we can issue certs with no problems?

Thanks,

Dan
0
 
LVL 39

Expert Comment

by:footech
ID: 40501556
Business as usual.  Installing a CA and issuing certs from it has no impact on existing certs from other CAs or self-signed ones.
0
 

Author Comment

by:Vision_Globale
ID: 40501612
Footech, thanks a lot, appreciate the feedback!

Dan
0


Question has a verified solution.
