![]() For more information about PKIView, see the Microsoft Windows Server 2003 Resource Kit Tools documentation. This article discusses this latter functionality. The tool can also manage important PKI containers, such as root CA trust and NTAuth stores, that are also contained in the configuration partition of an Active Directory forest. You can use PKIView to discover all PKI components, including subordinate and root CAs that are associated with an enterprise CA. PKIView displays the status of Windows Server 2003 CAs that are installed in an Active Directory forest. If they aren't working correctly, or they're about to fail, PKIView provides a detailed warning or some error information. Then it validates the certificates and CRLs to ensure that they're working correctly. PKIView gathers information about the CA certificates and certificate revocation lists (CRLs) from each CA in the enterprise. It's available as part of the Windows Server 2003 Resource Kit Tools. It displays the status of one or more Microsoft Windows CAs that comprise a PKI. PKI Health Tool (PKIView) is an MMC snap-in component. Method 1 - Import a certificate by using the PKI Health Tool There are two supported methods to append a certificate to this attribute. The Lightweight Directory Access Protocol (LDAP) distinguished name is similar to the following example:ĬN=NTAuthCertificates,CN=Public Key Services,CN=Services,CN=Configuration,DC=MyDomain,DC=comĬertificates that are published to the NTAuth store are written to the cACertificate multiple-valued attribute. The NTAuth store is an Active Directory directory service object that is located in the Configuration container of the forest. Windows CAs automatically publish their CA certificates to this store.Īpplies to: Windows Server 2016, Windows Server 2012 R2 Original KB number: 295663 More information By publishing the CA certificate to the Enterprise NTAuth store, the Administrator indicates that the CA is trusted to issue certificates of these types. This process is required if you're using a third-party CA to issue smart card logon or domain controller certificates. There are two methods you can use to import the certificates of third-party CAs into the Enterprise NTAuth store. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |