[ailurooo]

https://www.amazon.com/gp/product/B010EUQPPY?psc=1 I started with this book. But honestly there's just alot of reading to do to setup the root cert correctly and supportable going forward. Like the default root cert has too low of ... numbers..There's stuff you want to customize when setting up the root cert that MS doesn't specify and it's kinda a major nightmare, i recommend doing a lab environment and testing.

Likely people who install a CA on a DC don't know admining and therefore i would recommend setting up a new cert. And/or ask why you're even using a certificate authority in the first place. As kerberos authentication between windows is really solid even without a cert authority.

[lax4ever]

Yeah, unfortunately some of our workstations are MacOS and Linux based, so I can't solely rely Kerberos, we have to have LDAP (ideally LDAPS) involved. We were also advised by our email provider that they have used it for the company's Exchange provider but that was set up before I joined the company and I am not really seeing evidence of a cert being issued for that purpose, though I very well could have missed it.

[ailurooo]

Mmm do you use s/mime for your email? You can usually tell from outlook and such.

[lax4ever]

That's the part that confuses me, is we don't currently utilize S/MIME from everything that I can see.