What is the difference between an Active Directory certificate server and a non-AD cert server

-
What is the difference between an Active Directory certificate server and a non-AD cert server? Mainly, a cert server in AD can listen on 636 and 3269. Are all AD servers able to listen on those ports, or do I have to import the cert on the other AD servers?
Best regards Biswajit Biswas Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. MCP 2003,MCSA 2003, MCSA:M 2003, CCNA, MCTS, Enterprise Admin
Question
Answers
-
I have configured an ent. cert. server on a DC, and 636 and 3269 are listening on all the DCs due to the DC certificate.
If we configure an ent. cert. server on a member server, then we have to import a cert on all the DCs for them to listen on 636 and 3269.
Best regards Biswajit Biswas Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. MCP 2003,MCSA 2003, MCSA:M 2003, CCNA, MCTS, Enterprise Admin
- Marked as answer by bshwjt Saturday, July 06, 2013 9:56 AM
All replies
-
The biggest difference that immediately stands out is that domain members will trust certs from a domain CA. There are of course other differences, but that would probably be the biggest.
I'm not certain if you're simply referring to running AD CS in or out of your domain or comparing AD CS against some other third party certificate service/server.
http://technet.microsoft.com/en-us/library/cc731564.aspx
-
Difference between Cert server in DC and cert server in member server.
Best regards Biswajit Biswas Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. MCP 2003,MCSA 2003, MCSA:M 2003, CCNA, MCTS, Enterprise Admin
-
Your CA can be on a DC or just on a member server, as long as it can reach AD and is a member of the Certificate Publishers group. AD CS uses group policy to propagate its trusted root cert to domain members, so that will all happen from the DCs.
http://technet.microsoft.com/en-us/library/cc771443.aspx
Can you elaborate on your question regarding ports 636 and 3269?
-
A CA server on a DC can listen on 636 and 3269 via LDP; we do not need any additional steps for that. Is this behaviour for that DC (cert server) or for all the DCs?
I mean, are all the DCs able to connect on 636 and 3269 via LDP?
Best regards Biswajit Biswas Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. MCP 2003,MCSA 2003, MCSA:M 2003, CCNA, MCTS, Enterprise Admin
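
The thread ties the 636 and 3269 listeners to the certificate each DC holds. The script below is an added example, not code from the thread. It probes both ports on every DC and reports the certificate presented, so the state of each DC can be checked rather than assumed. It assumes a domain-joined Windows host; `Test-LdapsListener` is a name chosen for this example.

```powershell
$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU

function Test-LdapsListener {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 3000)
    $r = [ordered]@{ DC = $ComputerName; Port = $Port; Listening = $false; TlsOk = $false
                     Subject = $null; Issuer = $null; NotAfter = $null
                     ServerAuthEku = $null; Error = $null }
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Plain TCP connect with a timeout: is anything listening on the port?
        $pending = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) { throw "TCP connect timed out" }
        $client.EndConnect($pending)
        $r.Listening = $true

        # Accept whatever certificate is presented: this probe inspects it, it does not trust it.
        $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback] {
            param($s, $c, $chain, $errs) $true
        }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAny)
        $ssl.AuthenticateAsClient($ComputerName)
        $r.TlsOk = $true

        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $r.Subject  = $cert.Subject
        $r.Issuer   = $cert.Issuer      # shows which CA issued the DC's certificate
        $r.NotAfter = $cert.NotAfter
        # False also covers a certificate that carries no EKU extension at all.
        $eku = $cert.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
        }
        $r.ServerAuthEku = [bool]($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $serverAuthOid })
    }
    catch { $r.Error = $_.Exception.Message }
    finally { $client.Close() }
    [pscustomobject]$r
}

# Enumerate the DCs of the current domain and probe LDAPS (636) and GC over SSL (3269) on each.
$dcs = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain().DomainControllers |
    ForEach-Object { $_.Name }
$report = foreach ($dc in $dcs) {
    foreach ($port in 636, 3269) { Test-LdapsListener -ComputerName $dc -Port $port }
}
$report | Format-Table DC, Port, Listening, TlsOk, Issuer, NotAfter, ServerAuthEku, Error -AutoSize
```

A row with `Listening` true but `TlsOk` false means the port is open but the TLS handshake failed, which points at the certificate on that DC rather than at the network path.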