Essential Certificates for CBE Setup
Ensure these two certificates are properly configured before deployment.
CA Root Certificate
Purpose: Validates all user/machine certificates issued by your internal PKI.
Requirements:
β Issued by your Microsoft ADCS or internal CA
β Must be trusted by all devices (deployed via GPO or MDM)
Public TLS Certificate
Purpose: Secures communication (HTTPS, LDAPS) for your domain.
Requirements:
β Issued by a public CA (e.g., DigiCert, Sectigo, Entrust)
β SANs Included: Cover all relevant domains (e.g., authn.yourdomain.com)
β Key Usage: Must include Server Authentication
