From: Andy Swiffin
Sent: 14 January 2013 16:27
Subject: Certificate Authority in an AD tree
When we started moving things over to AD, we were slightly surprised to find the LDAP servers don't do 636 out of the box and started looking at generating a certificate for them, only to find we had yet to install a CA. We've started to look into AD certificate services and it's all a bit bemusing. It seems to be telling us that we need to do all kinds of stuff like install a separate server with the root CA on, which is usually turned off, we need to have more servers as Enterprise subordinate issuing CAs, and more as Online Responders and on and on and on.....
Is all this necessary? As I see it I want:
a CA
from which I want to issue a certificate for an LDAP server (maybe two or three more as we migrate more things over to it),
. <period!>
Can I not do this on just one server, (one of the DCs), do I need all of this other stuff? All I want to do is secure an LDAP server.