Daniel Benway
Daniel Benway 30.05.2020 00:11 (GMT+3) Test web server SSL/TLS protocol support with PowerShell

Very useful! Thank you!

Brett McClellan
Brett McClellan 29.05.2020 18:25 (GMT+3) How to remove expired user certificates from Active Directory

Do you now how i could delete all certificates published to AD from a specific Template?  I don't wnat to delete all the certificates published in AD USer accounts, just certificates that were created with a specific CA Template.



Vadims Podāns
Vadims Podāns 28.05.2020 13:49 (GMT+3) Certificate Autoenrollment in Windows Server 2016 (part 3)

@Fabio Teles,

Client authentication doesn't require the presence of certificate in Active Directory. If user uses multiple computers, then user must have a copy of signing certificate on each computer, or use removable storage as smart card. In the case of smart card, you can have single copy of client authentication certificate to use on any supported deivce.

Fabio Teles
Fabio Teles 28.05.2020 13:07 (GMT+3) Certificate Autoenrollment in Windows Server 2016 (part 3)

Hello Vladimis,

First of all thank you so much for this valuable information. I checked your answer regarding Publish Certificates to Active Directory and I have a question. I'm preparing a Always On VPN solution with user certificates. In this case, if I publish them on Active DIrectory does it work when the user has 2 computers (one desktop and one laptop). I'm just trying to avoid duplicated certificates, on machines that the user "own" but also when he connects to another computer for some specific reason.

Yes, I have the Email and EFS extension, and also cliente authentication. Is this best practice or, at least work? Any downsize?

Thank you in advance!

Sam 27.05.2020 15:04 (GMT+3) Certificate Autoenrollment in Windows Server 2016 (part 2)

Thanks Vadims

We have a clustered CA it seems to be only issuing 6/7 a min which is what im trying to troubleshoot the lack of performance seems to be giving serious issues.  I can see lots of connections coming in from machines on TCPView but then only seems to handle so many then stops responding. Under normal  work load seems not too bad but when new requirements are implemented which might be several thousand new certs it starts to fall over.