How can I authenticate to Windows Active Directory using a Certificate

Question

How can I authenticate to Windows Active Directory using a Certificate

Charlie Melga 126

Hello

Can someone please answer the following for me, I understand how AD works and Kerberos

What I do not understand is how can I authenticate the Windows Active Directory using an Certificate (e.g. Client Authentication X509 cert) rather than a username and password?

Also once authenticated using a certificate will I get a TGT back?

Are there any utilities I can use to test this?

Thanks very much
CXMelga

Anshul Kumar (MINDTREE LIMITED) 6 Reputation points

2021-10-11T13:14:47.897+00:00

Hi, if the posted answer resolves your question, please mark it as the answer by clicking the check mark. Doing so helps others find answers to their questions.

1 answer

Your answer

Anshul Kumar (MINDTREE LIMITED) 6 Reputation points

2021-10-11T13:14:47.897+00:00

Hi, if the posted answer resolves your question, please mark it as the answer by clicking the check mark. Doing so helps others find answers to their questions.

Answer 1

Anonymous

Hello @Charlie Melga ,

Thank you for posting here.

For Certificate authentication to Windows Active Directory, you need CA (Windows CA or non-Windows CA or third-party CA) server, certificates and smart card.

For more information, please refer to link below.

Guidelines for enabling smart card logon with third-party certification authorities
https://learn.microsoft.com/en-us/troubleshoot/windows-server/windows-security/enabling-smart-card-logon-third-party-certification-authorities

ADCS Step by Step Guide: Single Tier PKI Hierarchy Deployment
https://social.technet.microsoft.com/wiki/contents/articles/11750.adcs-step-by-step-guide-single-tier-pki-hierarchy-deployment.aspx

AD CS Step by Step Guide: Two Tier PKI Hierarchy Deployment
https://social.technet.microsoft.com/wiki/contents/articles/15037.ad-cs-step-by-step-guide-two-tier-pki-hierarchy-deployment.aspx

Hope the information above is helpful to you.

Should you have any question or concern, please feel free to let us know.

Best Regards,
Daisy Zhou

============================================

If the Answer is helpful, please click "Accept Answer" and upvote it.

Charlie Melga 126 Reputation points

2021-07-20T09:38:36.757+00:00

Hello Daisy

Thanks for coming back to me on my question, I was wondering are you aware of a utility or tool I can use to test certificate based authentication against active directory?
e.g. rather than using the users username and password

Basically I am looking for a utility or tools which I can use after I have logged on, to then test certificate based authentication for some test users

Thanks
CXMelga
Anonymous

2021-07-21T07:48:17.753+00:00

Hello @Charlie Melga ,

Thank you for your reply.

I am sorry, I don’t know such a utility or tool, and I’m not sure if there is such a utility or tool.

We hope some experts from Community Expert or MVP can provide some helpful information in this thread.

Thank you for your understanding and support.

Should you have any question or concern, please feel free to let us know.

Best Regards,
Daisy Zhou

============================================

If the Answer is helpful, please click "Accept Answer" and upvote it.

Share via

How can I authenticate to Windows Active Directory using a Certificate

1 answer

Your answer