Working with a Single Certificate Authority for UNIX Computers

The Verify Privilege Server Suite Agent uses the Microsoft Windows public key infrastructure (PKI) to obtain the certificates used by your Verify Privilege Server Suite-managed UNIX or Linux computers that are joined to a domain. By joining to the domain, these computers become eligible for auto-enrollment.

The most basic configuration of the Windows PKI environment utilizes a Windows server as the Certificate Authority (CA) that issues and manages security credentials and public keys through the exchange of encrypted digital certificates. The Verify Privilege Server Suite Agent then uses the Microsoft Windows certificate auto-enrollment feature of the Certificate Authority to make certificates available to UNIX computers.

This section describes how to set up a basic environment that has a single, enterprise root Certificate Authority (CA). In this scenario, the Certificate Authority is a Microsoft Enterprise Certificate Server that issues all certificates. In a production environment, you may have more complex requirements that include multiple CAs configured for a domain. However, setting up this sample environment should give you enough information to extend your PKI configuration to a more complex environment.

The Verify Privilege Server Suite Agent requires a Microsoft Windows Server to be configured as the Certification Authority (CA) for the Active Directory forest. Additionally, auto-enrollment is not supported for certificates issued by other public or private Certificate Authority services or organizations.