Questions tagged [ad-certificate-services]

Active Directory Certificate Services is a role first made available in Windows Server 2008. Previously it was known as certificate services.

Active Directory Certificate Services is a set of technologies from Microsoft that offer the ability to create a PKI infrastructure.

Documentation specific to Active Directory Certificate Services is collated at http://social.technet.microsoft.com/wiki/contents/articles/windows-pki-documentation-reference-and-library.aspx

242 questions
2 votes, 2 answers

Should Remote Desktop use a dedicated certificate template?

Practically all instructions on enabling certificates for Remote Desktop server authentication (and configuring auto-enrollment through Group Policy) say that you should create a new certificate template (named "RemoteDesktopComputer" or similar),…
2 votes, 1 answer

How do I request a new certificate from a Windows 2016 Issuing CA which has an expired certificate?

We have an offline RootCA which still has a valid certificate. Our subordinate issuing CA unfortunately expired before we renewed. How does one recover from this scenario? Windows Server 2016 environment.
2 votes, 1 answer

Distribute Secrets via Active Directory [Group Policy]

I would like to simplify my life and distribute secrets (real secrets, like encryption private keys) to Active Directory domain member computers. Probably via Active Directory Group Policy, but will be happy with any working solution. Only a subset…
2 votes, 1 answer

Active Directory Certificate Services autorenew

I have an LDAP application which needs to talk to Active Directory via LDAPS (LDAP over SSL). I installed Active Directory Certificate Services on a test Domain Controller (I know this is not best practice, but my customer has no spare Windows…
1 vote, 1 answer

Unable to Backup or Restore Certificate Authority?

I migrated Certificate Authority Enterprise from Windows Server 2012 R2 to Windows Server 2019. Both servers are VMs. Here are the steps I took: Back up CA database, key and registry config of the Windows Server 2012. Unplug the network for the Windows…
1 vote, 1 answer

If I install certificate services (enterprise root ca) on a domain controller is LDAPS automatically enabled?

Reading this article: https://www.petri.com/enable-secure-ldap-windows-server-2008-2012-dc The first method is the easiest: LDAPS is automatically enabled when you install an Enterprise Root CA on a Domain Controller. If you install the AD-CS…
1 vote, 1 answer

Error installing Active Directory Certificate Services

I'm trying to install Active Directory Certificate Services on a Windows Server 2016 Standard Core VM where I logged in with the Administrator account. I ran the following PowerShell cmdlet: ps> Add-WindowsFeature Adcs-Cert-Authority…
1 vote, 0 answers

AD CS Auto Enrollment Multiple Templates

I've recently set up AD Certificate Services and it seems to be working okay although I can't say I'm familiar with every aspect of this. I can set up auto-enrollment and this works but I think I should have multiple templates, one for servers and one…
1 vote, 1 answer

Group security permissions for certificate template not working

I have a certificate template published on my domain-joined Server 2016 Enterprise CA - I'm trying to set up certificate autoenrollment for our internal webservers. When the template has read/enroll/autoenroll permissions granted directly to a…
1 vote, 0 answers

Issue certificate to IP address in AD CS

We're trying to get a Sophos XG 210 to connect via LDAPS to an Active Directory Domain Services (AD DS) / Domain Controller (DC) server but doing so fails with the following two errors: Device - AD server connectivity test failed Connectivity to…
1 vote, 1 answer

Block Subject Alternative Names in ADCS

I am managing a Windows 2008 ADCS CA and have been aware of the security risks in issuing certificates with SANs. So I tested issuing a PKCS10 file with SANs in the request and it issued the certificate with the SANs when it's supposed to be…
1 vote, 1 answer

Active Directory Certificate Services CEP/CES won't show templates added to CA

I am running this on Server 2016, domain is 2012r2, client computers are Win10 and Win7. I have a two-tier PKI infrastructure (offline root) that I recently set up, and I have had no issues with most of the configuration. The issue that I currently…
Joseph Alcorn
1 vote, 1 answer

Windows NDES / SCEP URL is using the CA's hostname, can I change this to the FQDN?

First off I need to describe the environment my team is using for testing and development. A single class C address space. 4 AD using this address space. A single Bind9 DNS server acting as a secondary for all of the AD zones. No trusts…
1 vote, 2 answers

How do I tell which machine is the Certificate Authority?

We have a network using Windows Server 2003 with Active Directory. A few years ago I set up the Certificate Authority on one of the servers. Recently I wanted to do some maintenance, but found that the CA on that machine hasn't been issuing…
1 vote, 0 answers

Unable to generate and import user certificate from ADCS in Chrome

We are using Certificate Based Authentication using ADCS. So in order for a user to access an internal website, they need their own signed certificate. With ADCS, the user gets their signed certificate in the form of CRT files (user1.crt) which they can…
zealvora