Server certificate for DC - can I have more than one ?

Archived from groups: microsoft.public.win2000.active_directory,microsoft.public.windows.server.active_directory (More info?)

Hi , I need to run secure LDAPS on a DC. The certificate ( request ) is
generated using the IIS on the DC and server certificate was granted by a
standalone CA.

My questions are :

1) My experience is that after installed a certificate I have to re-boot the
server ( win 2K ) before the certificate could "take effect" , is this
correct and why ? Example , I have delete a certificate and installed with
a new one ( before it is expired ), but when users connected to it , they
said they could connect and the certificate is the same old one ?

2) Can I have more than one certificate for the same server which have the
same "CN" name , both of them enabled with "All purpose" but with a
different expiration date ? ( Or it has to be a different CN name ? E.g
WWW.servername.domain.com and servername.domain.com)

Any explanation highly appreciated.

Jason
1 answer Last reply
More about server certificate
  1. Archived from groups: microsoft.public.win2000.active_directory,microsoft.public.windows.server.active_directory (More info?)

    Jason,

    My experience with #1 is that you can put a certificate in whiel the server
    is up.

    Not sure about #2, though I don't see why not.

    --
    --Brian Desmond
    Windows Server MVP
    desmondb@payton.cps.k12.il.us

    www.briandesmond.com
    "Jason" <jasons@hotmail.com> wrote in message
    news:%23$0PZZ1%23EHA.3260@TK2MSFTNGP14.phx.gbl...
    > Hi , I need to run secure LDAPS on a DC. The certificate ( request ) is
    > generated using the IIS on the DC and server certificate was granted by a
    > standalone CA.
    >
    > My questions are :
    >
    > 1) My experience is that after installed a certificate I have to re-boot
    > the server ( win 2K ) before the certificate could "take effect" , is
    > this correct and why ? Example , I have delete a certificate and
    > installed with a new one ( before it is expired ), but when users
    > connected to it , they said they could connect and the certificate is the
    > same old one ?
    >
    > 2) Can I have more than one certificate for the same server which have the
    > same "CN" name , both of them enabled with "All purpose" but with a
    > different expiration date ? ( Or it has to be a different CN name ? E.g
    > WWW.servername.domain.com and servername.domain.com)
    >
    > Any explanation highly appreciated.
    >
    > Jason
    >
Ask a new question

Read More

Servers Microsoft Certificate Active Directory Windows