Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [ad-certificate-services]

Active Directory Certificate Services is a role first made available in Windows Server 2008. Previously it was known as certificate services.

Active Directory Certificate Services is a set of technologies from Microsoft that offer the ability to create a PKI infrastructure.

Active Directory Certificate Services specific documentation are collated at http://social.technet.microsoft.com/wiki/contents/articles/windows-pki-documentation-reference-and-library.aspx

242 questions
0
votes
4 answers

NPS EAP authentication failing after Windows Update

I have a Windows 2008 Std server running NPS. After applying the latest round of updates (including Root Certificates for April 2012 KB931125 (See:http://support.microsoft.com/kb/933430/)), EAP authentication is failing due to being…
sqlreader
  • 281
  • 1
  • 3
  • 8
0
votes
1 answer

Issuing Computer Certificates to Non-Domain Members (Enterprise CA)

I am trying to implement remote client access using L2TP/IPSec VPN for both domain members and non-members. Domain members is fine and working OK but I am having trouble issuing a certificate to the non-domain members. I believe I must be looking at…
Tony Blunt
  • 167
  • 5
  • 14
0
votes
1 answer

Can not find a specific group in MS Windows 2008

In a MS-Win 2008 SP2 I am trying to find the group CERTSVC_DCOM_ACCESS. I followed this link Error in MS-CA request instructions but I can not seem to find that group. Where it? Does it have a different name?
user76678
  • 349
  • 3
  • 5
  • 16
0
votes
1 answer

Understating certificate authority nesting

Given we have the following network/CA structure: Win2K8R2 - Root CA - no idea where its' certificate is? Win2K8R2 - Sub CA - obtained CA certificate from Root CA Win2K8R2 - OWA 2010 (Basically, a Web Server) - obtained an SSL certificate from…
Maxim V. Pavlov
  • 663
  • 3
  • 11
  • 29
0
votes
1 answer

Creating an MS Certificate Authority using CA Root Certificate created with OpenSSL

Using the guide here: http://www.davidpashley.com/articles/cert-authority.html I have create a certificate authority using OpenSSL. However I would now like to use the Microsoft CA instead. The question is, is it possible to "import" the root/sub…
MrEyes
  • 313
  • 4
  • 14
0
votes
1 answer

Shorten CA Certificate lifetime with Certificate Services?

I recently setup Windows 2003 Certificate Services and installed a five year certificate. I'm now working with a vendor that requires our public CA key so that they can trust all certificates generated by us, but they will not accept it since the…
Brett G
  • 2,033
  • 2
  • 28
  • 45
0
votes
1 answer

CA: Certificate User for VPN

From a subordinate Enterprise CA I want to generate a user certificate that serves as an authentication method for VPN connections. I want to install this certificate with autoenroll on the domain users with a GPO. There is an option in the…
Santyuste
  • 19
  • 1
0
votes
0 answers

Migrating a CA to a new server - CA services won't start

We have an Enterprise Root CA running on Server 2012 R2. I built a replacement server running Server 2019 and followed the steps in the below article, I backed up the CA and relevant registry keys, then restored them to the new server. I followed…
LeeCS
  • 1
  • 1
0
votes
1 answer

LDAPS certificate isn't working on new server for third parties

About 5-6 years ago I setup LDAPS on my Primary Domain controller. I setup Active Directory Certificate Services (all on the same server), forwarded the port 636 on my firewall, and was able to successfully authenticate with third parties using…
ItsPronounced
  • 634
  • 4
  • 18
  • 40
0
votes
1 answer

Creating a new root certificate with new key length on windows ad certificate services

Due to new corporate guidelines I need to update the root certificate of my CA so the key length is 4096bits (Currently 2048bits). My CA is AD integrated and currently running on our DC. So now I am stuck at the point where I am not finding any kind…
Bad Santa
  • 1
0
votes
0 answers

How to submit certificate request from Red Hat machine to Windows CA?

I’m looking for solution, which helps me send certificate request from domain-joined RedHat Enterprise Linux machine to Certification Authority on Windows Sever 2022. Is there any solution to do this? I know that I can generate request manually and…
amperek
  • 9
  • 1
0
votes
2 answers

Change certificate issuer

Is it possible to change the "issuer" value in a CA so that when a new certificate is issued, the new "issuer" value appears? In the case of having several SubCa, is it possible to match the same "issuer" in the certificates of all the SubCa or…
Santyuste
  • 19
  • 1
0
votes
1 answer

Windows Server 2019 ADCS. CA subordinate

I have a "CA1" server with Windows 2019 that has the CA root Enterprise service. Additionally I have another server "CA-Subordinate" with Windows 2019 with the CA subordinate service of "CA1". The CA root server "CA1" I am going to decommission it…
Santyuste
  • 19
  • 1
0
votes
2 answers

With multiple RDP certificates, do all get checked?

If a Windows host has multiple RDP certificates. Do all get checked while connecting or only the first found? I have a RDP certificates deployed from an Root CA with now invalid OCSP location in the AIA. Connecting to every hosts now takes obviously…
Synertry
  • 83
  • 1
  • 3
0
votes
1 answer

Trouble setting up CES and CEP PKI in a trusted forest scenario

I have two AD domains with a two-way forest trust. I want computer accounts in DomainB to enroll for computer client auth certificates from the two-tier Windows CA in DomainA. I configured a certificate cert template in the issuing CA for this and…
corndog
  • 1
1 2 3
16 17