Very useful! Thank you!
Do you now how i could delete all certificates published to AD from a specific Template? I don't wnat to delete all the certificates published in AD USer accounts, just certificates that were created with a specific CA Template.
Client authentication doesn't require the presence of certificate in Active Directory. If user uses multiple computers, then user must have a copy of signing certificate on each computer, or use removable storage as smart card. In the case of smart card, you can have single copy of client authentication certificate to use on any supported deivce.
First of all thank you so much for this valuable information. I checked your answer regarding Publish Certificates to Active Directory and I have a question. I'm preparing a Always On VPN solution with user certificates. In this case, if I publish them on Active DIrectory does it work when the user has 2 computers (one desktop and one laptop). I'm just trying to avoid duplicated certificates, on machines that the user "own" but also when he connects to another computer for some specific reason.
Yes, I have the Email and EFS extension, and also cliente authentication. Is this best practice or, at least work? Any downsize?
Thank you in advance!
We have a clustered CA it seems to be only issuing 6/7 a min which is what im trying to troubleshoot the lack of performance seems to be giving serious issues. I can see lots of connections coming in from machines on TCPView but then only seems to handle so many then stops responding. Under normal work load seems not too bad but when new requirements are implemented which might be several thousand new certs it starts to fall over.
© 2008 - 2020 - Sysadmins LV. All rights reserved