Score:0

AD Certificate Services - Add a new domain?


My AD domain name is domainname.local. I have Certificate Services set up to issue certs for this domain.

I now want to add domainname.com as an AD integrated zone and have Certificate Services issue certificates for this new domain as well.

Is it possible to do this? If yes, where do I begin? Any thoughts would be most appreciated. Thanks.

Score:2

Names on certificates issued by servers running AD Certificate Services (or any certificate authority, really) are (or can be) completely unrelated to any namespace in DNS or Active Directory. There is generally nothing requiring they be linked.

If I choose to, I can issue a certificate from my internal certificate authority for serverfault.com or google.com. All you have to do is supply that information in the request.

You can see evidence of this every day by checking the issuer of every secure site you visit and seeing that the certificate is (usually) issued by an entity that has no relationship to the name on the cert.
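As an added example (not part of the answer above), this is one way to request a certificate for the new namespace from an existing AD CS enterprise CA with the built-in `certreq` tool. The host name `www.domainname.com`, the file names, the choice of the `WebServer` template and the CA config placeholder are assumptions.

```powershell
# Added example. Run from an elevated prompt, because MachineKeySet = TRUE
# stores the private key in the local machine store.

# Placeholder: replace with your CA in "HostName\CA common name" form.
$caConfig = '<CA-HOST>\<CA-NAME>'

# Single-quoted here-string so "$Windows NT$" is written literally.
# The names are supplied in the request; nothing ties them to domainname.local.
$inf = @'
[Version]
Signature = "$Windows NT$"

[NewRequest]
Subject = "CN=www.domainname.com"
KeyLength = 2048
KeySpec = 1
Exportable = FALSE
MachineKeySet = TRUE
RequestType = PKCS10

[Extensions]
; 2.5.29.17 is the Subject Alternative Name extension
2.5.29.17 = "{text}"
_continue_ = "dns=www.domainname.com&"
_continue_ = "dns=domainname.com&"

[RequestAttributes]
CertificateTemplate = WebServer
'@
Set-Content -Path .\request.inf -Value $inf -Encoding ASCII

# Generate the key pair and the PKCS#10 request
certreq -new .\request.inf .\request.req

# Inspect the request to confirm the subject and SAN before submitting
certutil -dump .\request.req

# Submit to the CA, then bind the issued certificate to the pending key
certreq -submit -config $caConfig .\request.req .\issued.cer
certreq -accept .\issued.cer
```

The CA issues this only if the template takes the subject name from the request and the requesting account has Enroll permission on it, so those two template settings are what control which names can be issued.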
