If you reopen the "Active Directory Sites and Services" console, you will see that data about your enterprise certification authorities has been automatically stored in your Active Directory infrastructure.
If you go to the "Services -> Public Key Services -> Certification Authorities" folder, you will only see your standalone root CA.
On the other hand, if you go to the "Services -> Public Key Services -> AIA" folder, you will see that your root certificate authority will appear, as well as a secondary certificate authority.
However, as you can see, we only see CAs located in Brussels (in our case), because we opened this console on our "brux-dc1" server.
Given that the replication of Active Directory data is not instantaneous between different Active Directory sites, it's normal that the certification authority of the remote site (Paris in our case) doesn't appear for the moment.
In the "Services -> Public Key Services -> CDP" folder, you will find 2 folders :
If we open this console on a domain controller of the remote site, we can see that our root certification authority is present in the "Certification Authorities" folder.
In the "AIA" folder, we can see our root CA from Brussels and the secondary CA from Paris.
On the other hand, the secondary certification authority of Brussels doesn't appear for the moment, because the data has not yet been replicated by Active Directory from Brussels.
In the "CDP" folder, we can see :
As you have seen previously :
For the data of your 2 secondary certification authorities to be present regardless of the Active Directory site where you are, all you have to do is wait or force the replication of data from one Active Directory site to another.
To do this, open the "Active Directory Sites and Services" console and select :
In our case, we are going to update our "brux-dc1" domain controller from the "paris-dc1" domain controller.
To do this, right-click on the connection object on the right and click : Replicate Now.
As you can see, Active Directory Domain Services will try to replicate these connections.
Do the same to also replicate the data in the other direction.
Thus, what is only in Paris will be copied in Brussels and what is only in Brussels will be copied in Paris.
In the end, you will have the information for Paris and Brussels on your 2 physical sites.
Important : replication is not instantaneous. You may have to wait up to 1 minute for data to be fully replicated from one Active Directory site to another.
Once the Active Directory data is replicated, you will see your root certification authority appear in the "Certification Authorities" folder.
In the "Services -> Public Key Services -> AIA" folder, you will see :
In the "Services -> Public Key Services -> CDP" folder, you will find 3 folders :
In the "brux-root-ca" folder, we find the certificate revocation list of our root certification authority located in Brussels.
In the "brux-sub-ca" folder, we find the certificate revocation list of our secondary certificate authority located in Brussels.
And finally, in the "paris-sub-ca" folder, we find the certificate revocation list of our secondary certification authority located in Paris.
Now that all the information concerning your certification authority is on all the Active Directory sites of your infrastructure, restart your client PCs if necessary, then open an "mmc" console.
In this "mmc" console, add the "Certificates" component for the local computer or the current user (depending on your rights on this client PC) and go to the "Trusted Root Certification Authorities" folder.
As you can see, your standalone root CA certificate is in this certificate list.
If you go to the "Intermediate Certification Authorities" folder, you will find your standalone root CA's certificate, as well as those of your enterprise subordinate CAs.
Your client PCs and your servers therefore trust the certificates issued by your various certification authorities.
Windows Server 8/15/2014
Windows Server 12/8/2023
Windows Server 10/27/2023
Windows Server 9/15/2023
Pinned content
Contact
® InformatiWeb-Pro.net - InformatiWeb.net 2008-2022 - © Lionel Eppe - All rights reserved.
Total or partial reproduction of this site is prohibited and constitutes an infringement punishable by articles L.335-2 and following of the intellectual property Code.
No comment