Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [ad-certificate-services]

Active Directory Certificate Services is a role first made available in Windows Server 2008. Previously it was known as certificate services.

Active Directory Certificate Services is a set of technologies from Microsoft that offer the ability to create a PKI infrastructure.

Active Directory Certificate Services specific documentation are collated at http://social.technet.microsoft.com/wiki/contents/articles/windows-pki-documentation-reference-and-library.aspx

242 questions
0
votes
1 answer

Configure how long requests are displayed in CertSrv web enrollment

I have a Win2008R2 enterprise CA in ADCS and the certificate template is set to ask CA administrator to issue or deny the request. By default, when the user submits the requests through web enrollment, the request is set as pending but the list of…
JuanKB1024
  • 133
  • 1
  • 2
  • 7
0
votes
0 answers

Generate server/client certificates for openvpn with Windows CA

I need to setup a new OpenVPN channel but I already have a Windows CA, so I need to sign both server and client certs with this CA. I created a new server and client sign request: openssl req -newkey rsa:2048 -keyout client.key -nodes -out…
Tobia
  • 1,272
  • 9
  • 41
  • 81
0
votes
1 answer

How to get and install a certificate (for Remote Desktop Server) from Active Directory Certificate Services after approval of request?

I installed a machine with Active Directory Certificate Services (Enterprise Internal Root Authority). The machine is installed as Server Core with minimal roles, so Web service for CA is not installed. I need a certificate for RDS server machines.…
unlikely
  • 173
  • 2
  • 9
0
votes
1 answer

ADCS PKI - Cross-Certification or Bridge CA?

Our company is being acquired by another company and we are curious on the requirements needed to create a cross-certification / bridge CA solution. Cross-Certification is issuing a Cross Certification Auth. certificate to the root CA of Fabrikam…
Matt L.
  • 21
  • 3
0
votes
1 answer

Generation of certificates when auto-enrolling to clients - AD CS

You can auto-enroll machine certificates in an Active Directory environment by using Microsoft Active Directory Certificate Services. But how is the generation of the certificates, meant for the clients, done in this matter? Which of the following…
Birdman
  • 103
  • 2
0
votes
1 answer

Active Directory Certificate Services set up For Skype for business setup

I'm following this link to set up a skype for business server 2015. Matt Landis' Article On setting up S4B server is there a way i can bypass the Request Certificates step. Or if not How can I add a Certificate service in my AD server. I have a…
Jins Peter
  • 101
  • 3
0
votes
1 answer

How to remove the Certificate Enrollment Web Service role?

I misunderstood the purpose of the Certificate Enrollment Web Service role, and I installed it by mistake during my first configuration of my new Server Essentials 2016 instance. Now that I've discovered that I don't need it and would rather not…
InteXX
  • 753
  • 2
  • 15
  • 33
0
votes
1 answer

Unable to install NDES

I have enterprice CA running on a Windows 2008 box. I am trying to configure NDES on a windows server 2012 R2. I followed all the instructions word by word from this blog: http://windowsitpro.com/security/setting-network-device-enrollment-service…
Matt
  • 1
  • 1
  • 1
0
votes
1 answer

Microsoft Certification Authority: How to make certificates work on domain active directory

I have been struggling with Microsoft Certification Authority lately. Most resources only explain how SSL works and what certificates are, how they work, how they are issued and what they are used for. I understand all of that now. Thanks to…
Blufftl
  • 87
  • 1
  • 8
0
votes
2 answers

Windows Server 2008r2 Certificate services

I have a windows server 2008 r2 domain named ITTraining.local promoted to dc and another server which is added in ITTraining domain and on which i am installing Certificate services role, but while doing i am getting the enterprise CA option greyed…
Aamir
  • 149
  • 1
  • 1
  • 5
0
votes
0 answers

SHA1 Migration - Internal CAs Upgrade Requirement

SHA1 Migration - Internal CAs Upgrade Requirement A lot of internet blogs are stating that if a SHA1 certificate is not upgraded by Jan. 1st 2017, the SSL certificate will be rejected by most sites. Now from what I understand is that this will NOT…
Matt L.
  • 21
  • 3
0
votes
1 answer

Parallel PKI hierarchy Setup With ADCS

I am very new to ADCS, and have a challenge to migrate our old Tire-2 PKI to SHA-256. As we were suggested to setup a parallel SHA-2 CA, I am not greeting any idea, how to go ahead with it, I can create a offline Root CA with SHA-2, but then how do…
Sulu
  • 1
0
votes
0 answers

Invalid CRL distribution points in certs after CA migration

I have recently migrated an Enterprise CA from a Windows Server 2003 box to a Windows Server 2012 R2 box using the Active Directory Certificate Services Migration Guide. The CA was running entirely on the one machine, and looks as though it was a…
dbr
  • 1,852
  • 3
  • 23
  • 38
0
votes
1 answer

Can I setup logstash with windows generated certs instead of openssl?

Going through this tutorial. They use openssl to generate certs to use with logstash ie this command: sudo openssl req -subj '/CN=ELK_server_fqdn/' -x509 -days 3650 -batch -nodes -newkey rsa:2048 -keyout private/logstash-forwarder.key -out…
red888
  • 4,183
  • 18
  • 64
  • 111
0
votes
2 answers

Does Root CA need to be online?

I am trying to setup an IPv6-only Exchange Server 2013, running on Server 2012 R2 Datacenter. This is a 1-machine-setup in a VirtualBox for testing purposes. Everything is running ok so far. I.e. I can access the Exchange-OWA and send and receive…
TJJ
  • 130
  • 10
1 2 3
16 17