If a Certificate Enrollment Web Service (CES) is operated in the network, it is necessary to use the "Migration of an Active Directory integrated certification authority (Enterprise Certification Authority) to another server" requires that the configuration of the CES is adapted to the new situation.
A configuration string (Config String) is stored in the configuration of the CES, which contains the server name of the connected certification authority. If this changes, the configuration must be adjusted accordingly.
First, the Internet Information Services (IIS) Manager must be invoked on the CES server.
Do you know TameMyCerts? TameMyCerts is an add-on for the Microsoft certification authority (Active Directory Certificate Services). It extends the function of the certification authority and enables the Application of regulationsto realize the secure automation of certificate issuance. TameMyCerts is unique in the Microsoft ecosystem, has already proven itself in countless companies around the world and is available under a free license. It can downloaded via GitHub and can be used free of charge. Professional maintenance is also offered.
Then navigate to the "Default Web Site" and there to the appropriate subfolders for the CES of the corresponding certification authority.
The change must be adjusted for all CES addresses of the migrated certification authority.
The "Application Settings" option is then called up.
The setting you are looking for can be found in the "CAConfig" entry, which can now be edited by clicking on "Edit...".
The value must be changed accordingly to the new server name. The syntax for the config string is:
{FQDN-of-the-certification-body>\{common-name-of-the-certification-body>
English 
Deutsch
One thought on “Den Zertifikatbeantragungs-Webdienst (CES) nach der Migration einer Zertifizierungsstelle auf einen neuen Server anpassen”
Comments are closed.