Questions tagged [ad-certificate-services]

Active Directory Certificate Services is a role first made available in Windows Server 2008. Previously it was known as certificate services.

Active Directory Certificate Services is a set of technologies from Microsoft that offer the ability to create a PKI infrastructure.

Documentation specific to Active Directory Certificate Services is collated at http://social.technet.microsoft.com/wiki/contents/articles/windows-pki-documentation-reference-and-library.aspx

242 questions

4 votes, 1 answer

Enable certsrv.msc windows server 2008 r2

How to start the certsrv.msc? I need to create a cert to access an Active Directory over SSL

4 votes, 2 answers

AD CS: Certificate Template not available

In short, a Certificate Template I want to use is not available for enrollment. The template in question is a copy of the "RAS and IAS Server" template. What's frustrating is that I've gotten this to work during testing, but on production the cert…

4 votes, 1 answer

Multiple CAs on Windows Server 2012

Is it possible to create multiple Certificate Authorities in Windows Server 2012? Specifically: I'd like to create a standalone root CA which will have its private key in offline secure storage. The main issuing (Enterprise) CA should have a…

4 votes, 2 answers

Migrate an intermediate CA to a new root

Using the Microsoft CA, is there any way to cut over to a new certificate authority from an intermediate authority? Both my systems are Microsoft CAs - I have a 2008 R2 Enterprise CA (intermediate) and an old 2003 CA (root). The 2003 box bit the…
Tim Brigham

4 votes, 2 answers

RPC error when requesting computer certificate

I am using MMC with the certificate management snap-in. I am requesting certificates from a brand new installation of a CA. Requesting User certificates works perfectly. Requesting Computer certificates fails and says the RPC service is…

4 votes, 1 answer

My Windows CA (certificate authority) main cert is expiring next week, what do I do?

I went ahead and renewed the Certificate Authority itself (right click the CA, all tasks, renew), using the same public/private keys. Do I need to do anything else to make sure things don't start to fail next week? Will the certificates set to expire…
TheCleaner

4 votes, 3 answers

How do I reissue machine certificates for my Active Directory members now that I have a private CA?

So I have a working Active Directory. I've recently added a new machine to act as an Active Directory Certificate Authority. I've added a Group Policy (Computer level) for automatic certificate enrollment according to this document. And verified…

4 votes, 2 answers

Is it safe to reboot a Windows 2003 certificate authority server? What problems might occur?

My company has a Windows 2003 root certificate authority server which is used to generate client certificates for Remote Desktop Services logins, as well as certificates for internal HTTPS websites. It recently developed some problems, and we would…

3 votes, 1 answer

realm `! Cannot set computer password: Access denied`

I'm trying to connect my debian machine to a windows server, and can't make it work. As root, kinit -V myUserName@MYDOMAIN.COM returns Using default cache: /tmp/krb5cc_0 Using principal: myUserName@MYDOMAIN.COM Password for myUserName@MYDOMAIN.COM:…
Clément

3 votes, 2 answers

Smartcard Logon: The domain specified is not available. Please try again later

I'm standing up a test lab. Using AD CS, I've deployed a smartcard logon cert to an HID Crescendo C1150. When I attempt to log on to a WIN7 workstation with the smartcard, I'm greeted with: The system could not log you on. The domain specified is…

3 votes, 1 answer

Removing LDAP from CDP & AIA in a Microsoft PKI

A default installation of a Microsoft PKI running Windows 2012 R2 includes LDAP URLs within CRL distribution points (CDPs) and Authority Information Access (AIA). I want to issue certificates outside of my organization but I don't want an internal…

3 votes, 1 answer

Certificate revocation check fails for non-domain guest in spite of accessible CRL

When we try to use certificates on computers that are not part of the domain, Windows complains that The revocation function was unable to check revocation because the revocation server was offline. However, if I manually open the certificate and…

3 votes, 1 answer

Signing a Java Deployment Rule Set JAR using AD Certificate Services

I am tasked with deploying Java 7 Update 55 along with a Java Deployment Rule Set to all Active Directory Windows clients. I've managed to get a solid Java software deployment setup but I'm now struggling to deploy the Deployment Rule Set along…
Adam Bertram

3 votes, 1 answer

How to include all DNS records and IP address of a server in automatic certificate enrollment of Microsoft AD CS?

In my company there are a lot of servers which users log in to remotely to do their duties. We have enabled computer certificate auto enrollment for them to assure a secure connection. But because we have some servers with multiple DNS records, it…

3 votes, 1 answer

Time stamped digital signatures with AD-CS

We are planning to implement a time proof digital signature solution in our intranet. Currently we have an Enterprise AD CS up and running. We are planning to use these signatures only inside our organization. According to this TechNet article we…
Sandor