DA Cert Renewal RRS feed

  • Question

  • Hi Guys,

    I am still figuring DA out but have been thrown in the deep end and it has come to light that our self-signed certs are about to expire.  Any advice on the following would be a great help.


    This is our set up for DA

    • IP-HTTPS – RA Server setup = Purchased from a CA and replaced cert that was expiring
    • NLS = Self signed cert that was created when DA was setup on the server.  This cert is applied through GPO for client configuration.  It is used for the bindings on port 443 for all 3 options
    • RADIUS = Not sure if that’s applied anywhere (We use Microsoft MFA so I guess OTP aren’t used?)


    If the NLS cert expires will that drop all users who connect via DA until its renewed or replaced? Given it’s the cert that is specified through the GPO?

    Can a cert be purchased to replace the NLS self cert or does this have to be generated on the server itself for DA to work?  Will this stop the users dropping out and having to connect to the domain to get the GPO?


    We have about 90% of our staff using DA to connect during the COVID-19 outbreak as they are working remotely so this has got me worried.  Not all users have wired/wireless connectivity to connect to the domain and the building is shut.


    Wednesday, April 1, 2020 12:15 PM