What is the difference between an Active Directory certificate server and a non-AD cert server

    Question

  • What is the difference between an Active Directory certificate server and a non-AD cert server? Mainly, a cert server in AD can listen on 636 and 3269. Are all AD servers able to listen on those ports, or do I have to import the cert to the other AD servers?

    Best regards Biswajit Biswas Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. MCP 2003,MCSA 2003, MCSA:M 2003, CCNA, MCTS, Enterprise Admin

    Friday, July 05, 2013 4:34 PM

Answers

  • I have configured an ent. cert. server on a DC, and 636 and 3269 are listening on all the DCs due to the DC certificate.

    If we configure an ent. cert. server on a member server, then we have to import a cert on all the DCs to listen on 636 and 3269.

    Best regards Biswajit Biswas Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. MCP 2003,MCSA 2003, MCSA:M 2003, CCNA, MCTS, Enterprise Admin



    Saturday, July 06, 2013 9:43 AM
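
To check what the posts in this thread describe, the following added example (not written by any poster here) connects to each DC on 636 and 3269 and reports whether the port is open, whether a TLS handshake completes, and which certificate the DC presents. The DC names are constructed placeholders and `Test-LdapsEndpoint` is a hypothetical helper name; it assumes PowerShell 5 or later.

```powershell
# Added example. The DC names below are constructed placeholders; replace them with your own.
$DomainControllers = @('dc01.example.test', 'dc02.example.test')
$Ports = @(636, 3269)   # LDAPS and global catalog over SSL, the ports discussed in this thread

function Test-LdapsEndpoint {   # hypothetical helper name
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 3000)

    $result = [ordered]@{
        Computer = $ComputerName; Port = $Port; PortOpen = $false; TlsHandshake = $false
        Subject = $null; Issuer = $null; NotAfter = $null; PolicyErrors = $null; Error = $null
    }
    $client = [System.Net.Sockets.TcpClient]::new()
    try {
        # Connect with a timeout so one unreachable DC does not stall the whole loop.
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) { throw 'TCP connect timed out' }
        $client.EndConnect($async)
        $result.PortOpen = $true

        # Record the validation outcome instead of aborting the handshake, so the
        # certificate can be inspected even when this machine does not trust the CA.
        $state = @{ Errors = $null }
        $callback = [System.Net.Security.RemoteCertificateValidationCallback] {
            param($s, $certificate, $chain, $errors)
            $state.Errors = $errors
            return $true
        }
        $ssl = [System.Net.Security.SslStream]::new($client.GetStream(), $false, $callback)
        try {
            $ssl.AuthenticateAsClient($ComputerName)
            $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
            $result.TlsHandshake = $true
            $result.Subject      = $cert.Subject
            $result.Issuer       = $cert.Issuer
            $result.NotAfter     = $cert.NotAfter
            $result.PolicyErrors = $state.Errors   # None means chain and name validated here
        } finally { $ssl.Dispose() }
    } catch {
        $result.Error = $_.Exception.Message       # open port but failed handshake ends up here
    } finally {
        $client.Close()
    }
    [pscustomobject]$result
}

$report = foreach ($dc in $DomainControllers) {
    foreach ($port in $Ports) { Test-LdapsEndpoint -ComputerName $dc -Port $port }
}
$report | Format-Table Computer, Port, PortOpen, TlsHandshake, Issuer, NotAfter, PolicyErrors -AutoSize
```

A row with `PortOpen` true and `TlsHandshake` false means the DC accepted the TCP connection but did not complete TLS; the `Error` column holds the reason.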

All replies

  • The biggest difference that immediately stands out is that domain members will trust certs from a domain CA. There are of course other differences, but that would probably be the biggest.

    I'm not certain if you're simply referring to running AD CS in or out of your domain or comparing AD CS against some other third party certificate service/server.

    http://technet.microsoft.com/en-us/library/cc731564.aspx

    Friday, July 05, 2013 5:30 PM
  • Difference between a cert server on a DC and a cert server on a member server.

    Best regards Biswajit Biswas Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. MCP 2003,MCSA 2003, MCSA:M 2003, CCNA, MCTS, Enterprise Admin

    Friday, July 05, 2013 5:38 PM
  • Your CA can be on a DC or just on a member server, as long as it can reach AD and is a member of the Certificate Publishers group. AD CS uses group policy to propagate its trusted root cert into domain members, so that will all happen from the DCs.

    http://technet.microsoft.com/en-us/library/cc771443.aspx

    Can you elaborate on your question regarding ports 636 and 3269?

    Friday, July 05, 2013 8:54 PM
  • A CA server on a DC can listen on 636 and 3269 via LDP; we don't need any additional steps for that. Is this behaviour for that DC (cert server) or all the DCs?

    I mean, are all the DCs able to connect on 636 and 3269 via LDP?

    Best regards Biswajit Biswas Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. MCP 2003,MCSA 2003, MCSA:M 2003, CCNA, MCTS, Enterprise Admin

    Saturday, July 06, 2013 5:11 AM