Windows SSO kerberos (feedback)

kerberos
windows
sso

#1

Hello

@heidelberger can you explain how can we have a validate certificate (recommended way) for an internal domain. In this post you have a note that this only will work with a valid certificate, right? I’m assuming that only for add the domain to the trust sites don’t override the certificate validation…

Should we use lets encription to overcome that or pass/install in the computers clients the ucs certificate to do that?

Thanks


#2

Hey @codedmind,

the domaincontroller master in your UCS domain automatically generates certificates for all UCS servers joined to the domain by default using it’s own certificate authority.
The easiest way to make clients trust these certificates is to import the root CA of your domain on your clients.
I’ve written a KB article on doing that for Windows clients: How to import UCS root CA on Windows clients

Best regards