DigiCert will never issue you a certificate for a .local domain, because you don't own it. The certificate must include the actual domain name in the SAN extension, and that is possible only with a private CA, not a commercial CA such as DigiCert. This means that DigiCert is not an option for you at all; you have to use an internal CA to issue LDAPS certificates.
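As an added example (not part of the original answer), the PowerShell below does the two checks a practitioner would want before pointing a vendor at LDAPS: it pulls the certificate a domain controller actually presents on TCP 636 and reports whether the SAN carries the DC's FQDN, whether it has the Server Authentication EKU and whether it chains to a CA trusted on the machine running the check; it then writes a certreq INF for requesting a replacement from the internal CA with the FQDN in the SAN. The host names (dc01.corp.local, ca01.corp.local\Corp-CA), the domain name and the template name (WebServer) are placeholders for this example; the certreq lines at the end are left as comments because they must be run elevated on the DC itself.

```powershell
# Added example, not code from the original thread. Assumes an internal DC named
# dc01.corp.local and an enterprise CA; adjust the names for your forest.
$DomainController = 'dc01.corp.local'   # placeholder
$Domain           = 'corp.local'        # placeholder
$Port             = 636

function Get-LdapsCertificate {
    param([string]$Server, [int]$Port = 636)
    $client = New-Object System.Net.Sockets.TcpClient($Server, $Port)
    try {
        # Accept whatever the server presents here; the caller validates it explicitly.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ param($s, $c, $ch, $e) $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($Server)
        New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    }
    finally { $client.Close() }
}

function Test-LdapsCertificate {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert, [string]$Server)
    # DnsNameList is added by PowerShell: SAN dNSName entries, or the CN when there is no SAN.
    $names  = @($Cert.DnsNameList | ForEach-Object { $_.Unicode })
    $hasSan = [bool]($Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' })
    # Build the chain against the local machine's trust stores; revocation is skipped so the check runs offline.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $trusted = $chain.Build($Cert)
    [pscustomobject]@{
        Server          = $Server
        Subject         = $Cert.Subject
        Issuer          = $Cert.Issuer
        NotAfter        = $Cert.NotAfter
        SanPresent      = $hasSan
        NameMatchesFqdn = ($names -contains $Server)
        ServerAuthEku   = ($Cert.EnhancedKeyUsageList.ObjectId -contains '1.3.6.1.5.5.7.3.1')
        ChainTrusted    = $trusted
        ChainStatus     = (($chain.ChainStatus | ForEach-Object { $_.Status }) -join ',')
    }
}

function New-LdapsRequestInf {
    param([string]$Fqdn, [string]$Domain, [string]$Template, [string]$Path)
    # Template is an assumption: any server-authentication template your CA publishes
    # with "supply subject in the request" will do. SAN carries the DC FQDN and the
    # bare domain name so clients that bind to the domain name also get a match.
    @"
[NewRequest]
Subject = "CN=$Fqdn"
Exportable = FALSE
KeyLength = 2048
KeySpec = 1
KeyUsage = 0xA0
MachineKeySet = TRUE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
RequestType = PKCS10
[EnhancedKeyUsageExtension]
OID = 1.3.6.1.5.5.7.3.1
[Extensions]
2.5.29.17 = "{text}"
_continue_ = "dns=$Fqdn&"
_continue_ = "dns=$Domain"
[RequestAttributes]
CertificateTemplate = $Template
"@ | Set-Content -Path $Path -Encoding Ascii
    $Path
}

# 1. What is the DC presenting today?
$cert = Get-LdapsCertificate -Server $DomainController -Port $Port
Test-LdapsCertificate -Cert $cert -Server $DomainController | Format-List

# 2. Request a replacement from the internal CA (run these on the DC, elevated).
$inf = New-LdapsRequestInf -Fqdn $DomainController -Domain $Domain -Template 'WebServer' -Path "$env:TEMP\ldaps.inf"
# certreq -new    $inf "$env:TEMP\ldaps.req"
# certreq -submit -config "ca01.corp.local\Corp-CA" "$env:TEMP\ldaps.req" "$env:TEMP\ldaps.cer"
# certreq -accept "$env:TEMP\ldaps.cer"
```

ChainTrusted reflects the trust stores of the machine running the script, so run it from a domain-joined box (which trusts the enterprise CA) and again from a host like the vendor's appliance to see the difference: the second will report UntrustedRoot until the internal root CA certificate is imported there. NameMatchesFqdn must be true for the exact name the vendor configures in its LDAPS URL; a short NetBIOS name or an IP address in the URL will fail hostname validation even when the certificate is otherwise fine.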
Is it possible to have a domain controller with an internal (domain CA) and external (DigiCert) cert?
Like the question says, is this possible? We are on a 2012 R2 functional level. And our domain is .local.
If we import an external cert, will that overwrite the domain cert altogether? In which case, I would think that information would propagate out to all the devices. But I would also think that an external cert that is not .local would cause issues with trust in the domain?
We have a vendor that wants to use LDAPS for user permissions in their application. I'm trying to get all the info I can before I make any suggestions or decisions.
Charles
Answer accepted by question author