Certificate Authorities
Last updated
Was this helpful?
Last updated
Was this helpful?
The Certificate Authorities page provides a list of enumerated certificate authorities in entire Acitve Directory. The list contains the Host Computer, Root CA, Enterprise CA, Enrollee Suplies Subject, Risk Score ,Exposure Point and Issue Counts columns.
Details page contains the Risk Score of the certificate authority, Exposure Point, Information and Issues panes.
You can analyze objects in the Graph module by clicking the Visualize button on the upper left side of the Information Pane.
Information Pane can contain different badges to highlight important attributes.
Admin
Indicates that the object is Admin.
Information Pane contains Details, Certificate Templates, CA Certificates, Enrollment Agent Restrictions, and Certificate Manager Restrictions tabs respectively.
Details tab contains attributes below about certificate authority object.
Display Name
The display name for an object. (LDAP Display Name: displayName)
Enterprise CA Name
Name of the CA server, specified in the ADCS installation.
Distinguished Name
Active Directory distinguished name of the object. (Ldap Display Name: distinguishedName)
CA Certificate DN
Full distinguished name from the CA certificate.
DNS Host Name
Fully qualified domain name of computer as registered in DNS. (Ldap Display Name: dNSHostName)
Full Name
Combination of the DNSHostName and the Name of the certificate authority.
Created Time
The date when this object was created. (Ldap Display Name: whenCreated)
Last Changed Time
The date when this object was last changed. (Ldap Display Name: whenChanged)
Computer
FSName of the computer that contains the certificate authority instance.
Root CA
Whether the certificate authority is an root certificate authority instance. The root certificate authorities are the first and may be the only certificate authorities configured in a Public Key Infrastructure(PKI) hierarchy.
Enterprise CA
Whether the certificate authority is an enterprise certificate authority instance. Enterprise certificate authorities are domain members and typically online to issue certificates or certificate policies.
Enrollee Supplies Subject
Whether specifying a Subject Alternative Name (SAN) during certificate enrollment to any certificate template that is published by this certificate authority server has been allowed.
CA Flags
The certificate authority flags attribute stores the bitwise combination of the certificate authority server's capabilities.
Allow Web-Based Enrollment Methods
Whether the certificate authority server supports web-based enrollment for the clients.
CA Web Enrollment URLs
Certificate authority web enrollment url addresses of the certificate authority.
Certificate Enrollment Web Service URLs
Certificate enrollment web service url addresses of the certificate authority.
Certificate Enrollment Policy Web Service URLs
Certificate enrollment policy web service url addresses of the certificate authority.
Network Device Enrollment Service URLs
Network device enrollment url addresses of the certificate authority.
Certificate templates tab constains a list of certificate templates that generated on the certificate authority. This list also contains Allow Domain Authentication, Enrollee Supplies Subject and Require Manager Approval columns.
CA Certificates tab constains a list of certificate authority certificates that belongs to the certificate authority. This list also contains Root Certificate and In NT Auth Store columns.
Enrollment Agent Restrictions tab constains a list of enrollment agent restriction definitions on the certificate authority. This list constains Enrollment Agent, Template, On Behalf Of and Access columns.
Certificate Manager Restrictions tab contains a list of certificate manager restriction definitions on the certificate authority. This list contains Certificate Manager, Template, Principal and Access columns.
Issues pane contains identified issues on the certificate authority object.
