August 2019
Intermediate to advanced
786 pages
20h 22m
English
Content preview from Mastering Active Directory - Second Edition
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Publishing the root CA data to AD
In the preceding screenshot, we see that we have two files. One ends with .crt. This is the root CA certificate. In order to distribute it to other clients in the domain, it first needs to be published to AD. To do that, go ahead and copy this file from the root CA to the AD server. Then, log into the domain controller as Domain Admin or Enterprise Admin and run the following command:
certutil –f –dspublish "REBEL-CRTROOT_REBELAdmin Root CA.crt" RootCA
The next file ends with .crl. This is the root CA's CRL. This also needs to be published to AD, so that everyone in the domain is aware of it, too. In order to do that, copy the file from the root CA to the domain controller and run the following command: