Greetings,
Environment: Single forest, single domain, 3 DCs, DC1 holds all FSMO
roles, all DCs GCs, BIND DNS. All DCs w2k3 SP1, FFL/DFL are w2k3.
We are investigating, in the lab, migrating some Java apps to use AD for
auth (using the Java LDAP libraries that support SSL).
We do not currently run a CA.
Can I install a standalone CA, request a cert and install it on the
DCs? Or does it need to be an Ent. CA?
Also, if using 3rd party certs do I need one for *each* DC? I'm fairly
certain that the answer is "yes" .. just checking.
Also also, if anyone has figured out a way to use OpenSSL to generate a
proper self-signed cert for a DC I'd love to hear it (I've used these for
IIS following http://eal.us/blog/_archives/2003/6/2/25109.html ).
tia,
john
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx