David Bargna
I just saw your other question: "We can really use any cert template with server with for the ldaps cert, we were just wondering if we could have a single cert on all dcs."
I assume you are asking whether it is a good thing to create one certificate and import it to all domain controllers. Well, that situation is not ideal. You have one private/public key pair that is installed on multiple systems. It is going to expire on all systems at the same time, so they all have to be replaced at the same time as well.
It's kind of along the same lines as using a single wildcard certificate on hundreds of web servers. Is it ideal? No. Is it less secure? Yes. This is really a question for your security team and how much risk they are OK with.
It is something that we at Microsoft would NOT give you a big thumbs up about, and we would tell you that if your company is OK with the risk that comes with doing something like this, then yes, technically it does work, but it is not good from a security standpoint.