Correct specification of the AD CS – CA name

Appterix offers the possibility of connecting your AD CS for certificate enrollment on YubiKeys.

For installing the AD certification authority connection, you can find instructions here: AD CS connection

Specify the CA name

If you only use one CA, you do not need to make an entry in the CA Name . make

To specify the CA name in the corresponding fields, it is recommended to enter it as follows:

By default, the naming convention in AD CS follows the pattern DomainName-CAHostName-CA. Often, separate CA names are chosen for security reasons.

If you want to find out the name of the Certification Authority (CA) in your Windows Active Directory Certificate Services (AD CS), there are several ways:

Certification Authority Console

Open the Certification Authority Management Console:
certsrv.msc
(Press Win + R, type certsrv.msc and press Enter).

You will see the name of the certificate authority at the top of the window.

command prompt

Open the command prompt (cmd) as administrator. Type the following command and press Enter:
powershell
certutil -dump

The name of the certificate authority is displayed under “CA Name” or “CA Configuration”.

Important instructions

Some CAs don't support LDAPS. Therefore, try your verifications with and without the LDAPS checkbox.
The CA names specified in the AD Sync Control Panel must be identical to those used in the user import in the EM Platform.

Published16 May 2025

Updated21 May 2025

FromEgoMind