Custom Secure LDAP Certificates for DCs with Remote Desktop Authentication policy
Hi
With DCs we have 2 certificates (2 Certificate templates with CA server) with Auto Renewal through GPO, one for custom secure LDAP and another for RDP. But since both certificates are placed with Personal Certificate folder, we are facing issues with RDP and also with some applications which uses secure LDAP. Below are the existing setup
• Existing RDP GPO uses “RDAuthentication” certificate template.
• With CA, we have certificate template to issue certificate to DCs to be used for LDAPS with multiple SANs. Once the new certificate for LDAP is generated and placed with DC Personal folder, we moved existing RDP certificate from Personal to Remote desktop folder. Whenever we move RDP certificate from personal to Remote Desktop folder, all DCs got new RDP certificate from RDP certificate template and placed with Personal folder (GPO is configured for certificate auto renewal) and this cause issues with RDP connection & many applications failed to communicate securely with DCs (over LDAPS).
So below are our options
Either include "Remote Desktop Authentication" with custom LDAP certificate template along with KDC Authentication, Server Authentication, Client Authentication & Smart Card logon :- is this supported?
If it’s supported and recommended, then we can create a new RDP GPO just for DCs with the Certificate template name of LDAP template instead of “RDAuthentication” which is general for all servers
Or if it's not supported, is there a way to renew & place certificates for RDP with Remote Desktop certificate folder instead of placing it with Personal folder.
Thank You all