Questions tagged [ad-certificate-services]

Active Directory Certificate Services is a role first made available in Windows Server 2008. Previously it was known as certificate services.

Active Directory Certificate Services is a set of technologies from Microsoft that offers the ability to build a public key infrastructure (PKI).

Documentation specific to Active Directory Certificate Services is collated at http://social.technet.microsoft.com/wiki/contents/articles/windows-pki-documentation-reference-and-library.aspx

242 questions
1 vote, 1 answer

Missing Certificate template From certificate to issue

I have the following problem: Environment: SERVER 2008 STANDARD EDITION, ACTIVE DOMAIN SERVICES INSTALLED, ACTIVE CERTIFICATE SERVICES INSTALLED, ENTERPRISE CA INSTALLED. I create a duplicate of a certificate template without problem. I would like to ad…
1 vote, 1 answer

Do I need to take special care when decommissioning a certificate server in a windows domain?

I'm setting up a new Windows 2008 R2 server to take over from an older Windows 2003 box in a small Windows domain. I discovered that the old server is running the only certificate service in the domain. Do I need to take any special steps, or can I…
1 vote, 2 answers

Cleaning Up Certificate Services Infrastructure

I have inherited an Active Directory domain where certificate services were installed and not put to good use, and not documented. I would like to revamp the infrastructure and actually use the services for many security related applications, but I…
Rick
1 vote, 1 answer

SubCA certificate of trust

I have deployed a PKI infrastructure with a Stand-Alone Root CA (which will be kept off) and 4 Enterprise SubCAs which depend on this Root CA. To make the computers trust the Root CA, I am going to send the Root CA certificate to the domain…
1 vote, 1 answer

NDES AD certificate services Configuration error

While configuring NDES for my Win Server 2019, I encountered the following error. Failed to add the following certificate templates to the enterprise Active Directory Certificate Services or update security settings on those…
ba zhang
1 vote, 1 answer

install additional Enterprise Subordinate CA

I have already set up a working two tier Active Directory Certificate Services PKI hierarchy with an offline standalone Root CA (ROOT-CA) and one online Enterprise Subordinate CA (ISSUING-CA). For redundancy I would like to add an additional…
mokum
1 vote, 0 answers

Migrating Root Certificate Authority

I got thrown into the middle of a CA migration project. My co-workers are migrating a Root Certificate Authority off a 2008 R2 server and onto a new 2019 server. They have both servers running at the same time with Active Directory Certificate…
1 vote, 1 answer

Active Directory - Difference between User-Cert and X509-Cert attributes

I came across two user object attributes User-Cert (LDAP name: userCert) and X509-Cert (LDAP name: userCertificate) in Active Directory that sound similar, but don't seem so. As per documentation…
1 vote, 1 answer

How to tell domain controllers to not enroll a "Kerberos Authentication" certificate?

As per this question, I have an environment where certificates based on the "Kerberos Authentication" template cannot be issued (there are remote sites without direct connectivity to the CA, certificate enrollment uses CEP/CES, but the Kerberos…
1 vote, 2 answers

ldaps certificate for connections using domain.local instead of fqdn

We have multiple Windows Server 2016 AD Domain Controllers and we need to replace all LDAP connections with LDAPS connections. For High Availability we would like to connect all LDAPS sessions to "domain.local". The problem is that all Domain…
mokum
0 votes, 2 answers

AD CS - OID for root and issuing CAs

I am willing to install a Root CA and an Issuing CA with AD CS for my private environment (test purpose). Do I need to obtain public OIDs (i.e. from IANA) or can I skip this requirement since my CAs are private within my domain?
0 votes, 0 answers

Certificate Enrollment fails after working all morning

Good morning, everyone. I was working on SSL cert tasks all yesterday morning without issue, and then all of a sudden I get a failure when making a new request and it looks like this: What is even more strange is that instead of the request…
0 votes, 1 answer

Add O and OU parts in DN of a standalone CA in Windows

I have a standalone CA managed in Windows Server 2012 R2. Its certificate has a DN that includes CN and DC, as in CN=CAName,DC=domain,DC=tld. This root certificate cannot be stored in Firefox, probably because it lacks O and/or OU parts, so I would…
0 votes, 1 answer

Can You Remove DC Role Without Impacting Certificate Services?

I am working on a project where we need to upgrade the OS on all our servers from 2008r2 to either 2012r2 or 2016. We have an older Domain Controller that is also running certificate services on 2008r2 which needs an OS upgrade. My question is can…
Tyson Navarre
0 votes, 1 answer

Submit unsigned pkcs10 to windows certificate authority

Is it possible to make a Windows Server Certificate Authority accept a PKCS10 certificate request that is unsigned? I get the following error: Error Verifying Request Signature or Signing Certificate The request is not supported. 0x80070032 (WIN32:…