Remove From My Forums

What is the difference between a Active directory certificate server and non ad cert server

Question

0

Sign in to vote

What is the difference between a Active directory certificate server and non ad cert server? Mainly Cert server in AD can listen 636 and 3269 . Are all AD servers able to listen those ports or I have to import the cert the other Ad servers?

Best regards Biswajit Biswas Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. MCP 2003,MCSA 2003, MCSA:M 2003, CCNA, MCTS, Enterprise Admin

Friday, July 05, 2013 4:34 PM

Reply

|

Quote

Answers

0

Sign in to vote
I have configured a ent. cert. server in a DC & 636 and 3269 are listening in all the DCs due to DC certificate.

If we are configured a ent. cert. server in a member server then we have to import a cert in all the DCs for listening the 636 and 3269.

Best regards Biswajit Biswas Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. MCP 2003,MCSA 2003, MCSA:M 2003, CCNA, MCTS, Enterprise Admin
Best regards Biswajit Biswas Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. MCP 2003,MCSA 2003, MCSA:M 2003, CCNA, MCTS, Enterprise Admin
- Marked as answer by i.biswajithMicrosoft community contributor Saturday, July 06, 2013 9:56 AM
Saturday, July 06, 2013 9:43 AM

Reply

|

Quote

All replies

0

Sign in to vote

The biggest difference that immediately stands out is that domain members will trust certs from a domain CA. There are of course other differences, but that would probably be the biggest.

I'm not certain if you're simply referring to running AD CS in or out of your domain or comparing AD CS against some other third party certificate service/server.

http://technet.microsoft.com/en-us/library/cc731564.aspx

Friday, July 05, 2013 5:30 PM

Reply

|

Quote

0

Sign in to vote

Difference between Cert server in DC and cert server in member server.
Best regards Biswajit Biswas Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. MCP 2003,MCSA 2003, MCSA:M 2003, CCNA, MCTS, Enterprise Admin

Friday, July 05, 2013 5:38 PM

Reply

|

Quote

1

Sign in to vote

Your CA can be on a DC or just on a member server, as long as it can reach AD and is a member of the Certificate Publishers group. AD CS uses group policy to propagate it's trusted root cert into domain members, so that will all happen from the DC's.

http://technet.microsoft.com/en-us/library/cc771443.aspx

Can you elaborate on your question regarding ports 636 and 3269?

Friday, July 05, 2013 8:54 PM

Reply

|

Quote

0

Sign in to vote

CA Server in DC can listen 636 and 3269 via LDP ; we no need any additional steps for that. Is this behaviour for That DC(Cert Sever) or all the DCs?

Mean all the DCS are able to connect 636 and 3269 via ldp?

Best regards Biswajit Biswas Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. MCP 2003,MCSA 2003, MCSA:M 2003, CCNA, MCTS, Enterprise Admin

Saturday, July 06, 2013 5:11 AM

Reply

|

Quote

0

Sign in to vote
I have configured a ent. cert. server in a DC & 636 and 3269 are listening in all the DCs due to DC certificate.

If we are configured a ent. cert. server in a member server then we have to import a cert in all the DCs for listening the 636 and 3269.

Best regards Biswajit Biswas Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. MCP 2003,MCSA 2003, MCSA:M 2003, CCNA, MCTS, Enterprise Admin
Best regards Biswajit Biswas Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. MCP 2003,MCSA 2003, MCSA:M 2003, CCNA, MCTS, Enterprise Admin
- Marked as answer by i.biswajithMicrosoft community contributor Saturday, July 06, 2013 9:56 AM
Saturday, July 06, 2013 9:43 AM

Reply

|

Quote