CharlesWhite-6006 asked:

Is it possible to have a domain controller with an internal (domain CA) and external (DigiCert) cert?

Like the question says, is this possible? We are on a 2012 R2 functional level. And our domain is .local.

If we import an external cert, will that overwrite the domain cert altogether? In which case, I would think that information would propagate out to all the devices. But I would also think that an external cert that is not .local would cause issues with trust in the domain?

We have a vendor that wants to use ldaps for user permissions in their application. I'm trying to get all the info I can before I make any suggestions or decisions.

Charles

windows-server-security

1 Answer

Crypt32 answered:

DigiCert will never issue you a certificate for a .local domain, because you don't own it. The certificate must include the actual domain name in the SAN extension, and that is possible only with a private CA, not a commercial CA such as DigiCert. This means that DigiCert is not an option for you at all; you have to use an internal CA to issue LDAPS certificates.

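As an added example (not part of this thread, and not either poster's setup), the script below shows the two checks behind that answer on a Linux admin box with openssl: whether a DC's LDAPS certificate carries the DC FQDN in its SAN extension, and whether that name is one a public CA could issue for at all. The DC name dc01.corp.local and the self-signed stand-in certificate are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the thread): mint a throwaway cert shaped like the one
# an internal AD CS CA would issue to a DC, then run the two checks an LDAPS
# client and an admin care about: is the DC FQDN in the SAN, and is that name
# even something a public CA such as DigiCert could issue for?
# Assumptions: openssl 1.1.1+ on PATH; dc01.corp.local is a constructed name.
set -eu

WORK=$(mktemp -d)
DC_FQDN="dc01.corp.local"

# Self-signed stand-in for an internal-CA-issued LDAPS certificate.
make_dc_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$WORK/dc.key" -out "$WORK/dc.pem" \
        -subj "/CN=$DC_FQDN" \
        -addext "subjectAltName=DNS:$DC_FQDN,DNS:corp.local" \
        -addext "extendedKeyUsage=serverAuth" >/dev/null 2>&1
    echo "$WORK/dc.pem"
}

# List the DNS names carried in the certificate's SAN extension, one per line.
san_dns_names() {
    openssl x509 -in "$1" -noout -ext subjectAltName \
        | tr ',' '\n' | sed -n 's/^[[:space:]]*DNS://p'
}

# Succeeds only if the exact name appears in the SAN (LDAPS clients match on
# the SAN, not on the Subject CN).
san_has_name() {
    san_dns_names "$1" | grep -qxF "$2"
}

# Public CAs may only issue for names resolvable in public DNS: .local is the
# mDNS special-use TLD and single-label names are "internal names", so both fail.
is_publicly_issuable() {
    case "$1" in
        *.local) return 1 ;;
        *.*)     return 0 ;;
        *)       return 1 ;;
    esac
}

# Stand-alone run: report on the constructed DC certificate.
CERT=$(make_dc_cert)
san_has_name "$CERT" "$DC_FQDN" && echo "SAN covers $DC_FQDN"
is_publicly_issuable "$DC_FQDN" || echo "$DC_FQDN: internal CA only"
```

Against a live DC the same `san_dns_names` check can be fed the certificate saved from `openssl s_client -connect <dc>:636 -showcerts`, which is what the vendor's LDAPS client will validate.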

If the information provided by Crypt32 was helpful, you can mark it as the answer to end this post.
If there is anything else we can do for you, please feel free to post here.

Best Regards,


That's what I was expecting to hear. Thank you for that information.

Charles
