Njarejr asked cthivierge commented

ADCS Two Tier PKI Hierarchy Deployment with 2 subordinates servers

Hello Everyone,


We have a design that a customer wants to deploy for a two-tier AD CS hierarchy. The problem is that I can't figure out the configuration between the two issuing certificate authorities and the DNS, especially for the CRL and the load balancer. Has anyone done this, or does anyone have an article with the steps I could take?


Assistance will be highly appreciated, as I am stuck.


The image below shows how the architecture should look.

[image: 195111-image.png]
Tags: windows-active-directory, windows-server-security
Your image is really small, but correct me if I'm wrong: you want to implement a 2-tier certificate authority with a standalone root CA (not a member of a domain).

For the issuing CA, you would like to configure 2 issuing CAs behind a load balancer, am I right?

If that's the case, AFAIK the only supported configuration for a high-availability solution is to configure a failover cluster for your issuing CA (CA service).

The CRL / AIA can be load balanced on a web server.

References:
https://social.technet.microsoft.com/wiki/contents/articles/9256.active-directory-certificate-services-ad-cs-clustering.aspx
https://social.technet.microsoft.com/wiki/contents/articles/7421.active-directory-certificate-services-ad-cs-public-key-infrastructure-pki-design-guide.aspx#Achieving_Scalability_and_High_Availability

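The comment above splits the design into two parts: the CA service itself (failover cluster if you need HA) and the CRL/AIA publication, which can sit behind a load balancer. The part that trips most deployments is the second one: each issuing CA must stamp the same load-balanced HTTP name into the CDP and AIA extensions of the certificates it issues, instead of its own hostname, otherwise revocation checks depend on a single server. The following PowerShell is an added example written for this thread, not code from the original post or from Microsoft's documentation. It assumes a hypothetical load-balanced DNS name pki.example.com, whose web servers publish a folder as http://pki.example.com/pki/, and it is meant to be run elevated on each of the two issuing CAs.

```powershell
# Added example (not from the thread). Run elevated on EACH issuing CA.
# Hypothetical values: pki.example.com is the load-balanced web name; the web
# servers expose a replicated folder as http://pki.example.com/pki/.

Import-Module ADCSAdministration

$HttpBase  = 'http://pki.example.com/pki'
$ProbeCert = 'C:\temp\issued-by-this-ca.cer'   # hypothetical: any cert issued by this CA

# 1. CRL Distribution Point: drop the per-server ldap/http/file entries and keep
#    only the local publish path (C:\...) plus the shared HTTP URL.
#    certutil macros: %3 = CA name, %8 = CRL name suffix, %9 = delta CRL allowed.
Get-CACrlDistributionPoint |
    Where-Object { $_.Uri -notlike 'C:\*' } |
    ForEach-Object { Remove-CACrlDistributionPoint -Uri $_.Uri -Force }

Add-CACrlDistributionPoint -Uri "$HttpBase/%3%8%9.crl" `
    -AddToCertificateCdp -AddToFreshestCrl -Force

# 2. Authority Information Access: issued certs must point at the CA certificate
#    on the same shared name. %1 = server DNS name, %4 = certificate renewal index.
Get-CAAuthorityInformationAccess |
    Where-Object { $_.Uri -notlike 'C:\*' } |
    ForEach-Object { Remove-CAAuthorityInformationAccess -Uri $_.Uri -Force }

Add-CAAuthorityInformationAccess -Uri "$HttpBase/%1_%3%4.crt" `
    -AddToCertificateAia -Force

# 3. Apply the new extension settings and publish a fresh CRL.
Restart-Service certsvc
certutil -crl

# 4. Copy the CRL and CA certificate from the local publish folder to the web
#    tier. In production replace this with a scheduled robocopy/DFS-R job so
#    the CRL is refreshed before it expires.
$LocalPub = 'C:\Windows\System32\CertSrv\CertEnroll'
# Copy-Item "$LocalPub\*.crl" '\\webserver01\pki$\'   # hypothetical share
# Copy-Item "$LocalPub\*.crt" '\\webserver01\pki$\'

# 5. Verify from a client's point of view: every AIA/CDP URL in the chain of a
#    certificate issued by this CA must download (no "ERROR" lines) and the
#    URLs must name pki.example.com, not the individual CA host.
if (Test-Path $ProbeCert) {
    certutil -verify -urlfetch $ProbeCert
}
```

Two things to check after running this on both CAs: `Get-CACrlDistributionPoint` should return identical HTTP URLs on each issuing CA (only the CA-name macro differs once expanded), and the Freshest CRL flag only makes sense if delta CRLs are enabled on the CA, so remove `-AddToFreshestCrl` if you have disabled them. The same web name can serve the root CA's CRL as well; you just copy the offline root's CRL into the same folder whenever you re-issue it.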
