Set up Amazon Private CA Connector for AD - Amazon Directory Service
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Set up Amazon Private CA Connector for AD

You can integrate your self-managed Active Directory with Amazon Private Certificate Authority using AD Connector to issue and manage certificates for your AD domain-joined users, groups, and machines. Amazon Private CA Connector for AD provides a fully managed Amazon Private CA as a drop-in replacement for your self-managed enterprise CAs without requiring you to deploy, patch, or update local agents or proxy servers.

You can set up this integration through the Amazon Directory Service console, the Amazon Private CA Connector for AD console, or by calling the Amazon Private CA Connector for AD API (for example, CreateConnector to create the connector and CreateTemplate to define the certificate templates it issues). To use the Amazon Private CA Connector for Active Directory console, see Amazon Private CA Connector for Active Directory. The following sections describe how to set up this integration from the Amazon Directory Service console.

Prerequisites

For setup instructions, see Set up Connector for AD in the Amazon Private CA Connector for AD User Guide.

Setting up Amazon Private CA Connector for AD

  1. Sign in to the Amazon Web Services Management Console and open the Amazon Directory Service console at https://console.amazonaws.cn/directoryservicev2/.

  2. On the Directories page, choose your directory ID.

  3. On the Application management tab, in the Amazon apps & services section, choose Amazon Private CA Connector for AD. The Create Private CA certificate for Active Directory page appears. Follow the steps in the console to create your connector and enroll it with your Private CA. For more information, see Creating a connector.

  4. After you create your connector, the following procedure walks you through viewing the details of the Amazon Private CA Connector for AD, including the connector's status and the status of the associated Private CA.

View your Amazon Private CA Connector for AD

  1. Sign in to the Amazon Web Services Management Console and open the Amazon Directory Service console at https://console.amazonaws.cn/directoryservicev2/.

  2. On the Directories page, choose your directory ID.

  3. On the Application management tab, in the Amazon apps & services section, you can view your Private CA connectors and the associated Private CA. By default, you see the following fields:

    1. Amazon Private CA Connector ID — The unique identifier for an Amazon Private CA connector. Choosing it opens the details page of that Amazon Private CA connector.

    2. Amazon Private CA subject — The distinguished name of the CA. Choosing it opens the details page of that Amazon Private CA.

    3. Status — The result of two status checks, one for the Amazon Private CA Connector and one for the Amazon Private CA. If both checks pass, Active is displayed. If one of the checks fails, 1/2 checks failed is displayed. If both checks fail, Failed is displayed. To find out which check failed, hover over the status link, then follow the instructions in the console to remediate.

    4. Date created — The day the Amazon Private CA Connector was created.

For more information, see View connector details.
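The console's Status column combines two checks: the connector's own status and the status of the Private CA it is bound to. The following PowerShell script is an added example, not code from the Amazon documentation; it reproduces the same two checks from a workstation with the AWS CLI, using GetConnector (pca-connector-ad) and DescribeCertificateAuthority (acm-pca), so you can poll status from a script rather than the console. The two ARNs and the Region in them are placeholders; the credentials used must be allowed to call both APIs.

```powershell
# Added example: reproduce the console's two status checks with the AWS CLI.
# Replace both ARNs with the values shown in the console (placeholders below).
$ConnectorArn = 'arn:aws-cn:pca-connector-ad:cn-north-1:111122223333:connector/EXAMPLE'
$CaArn        = 'arn:aws-cn:acm-pca:cn-north-1:111122223333:certificate-authority/EXAMPLE'

# Check 1: the connector. A healthy connector reports Status ACTIVE;
# any other state carries a StatusReason explaining why.
$connector   = aws pca-connector-ad get-connector --connector-arn $ConnectorArn --output json |
               ConvertFrom-Json
$connectorOk = $connector.Connector.Status -eq 'ACTIVE'

# Check 2: the private CA the connector issues from. It must also be ACTIVE;
# a PENDING_CERTIFICATE, DISABLED or EXPIRED CA cannot sign enrollment requests.
$ca   = aws acm-pca describe-certificate-authority --certificate-authority-arn $CaArn --output json |
        ConvertFrom-Json
$caOk = $ca.CertificateAuthority.Status -eq 'ACTIVE'

# Summarise the way the console does.
$passed = @($connectorOk, $caOk).Where({ $_ }).Count
switch ($passed) {
    2 { Write-Host 'Active' }
    1 { Write-Host '1/2 checks failed' }
    0 { Write-Host 'Failed' }
}
if (-not $connectorOk) {
    Write-Warning ("Connector: {0} ({1})" -f $connector.Connector.Status, $connector.Connector.StatusReason)
}
if (-not $caOk) {
    Write-Warning ("Private CA: {0}" -f $ca.CertificateAuthority.Status)
}

# Extra check the console does not surface: warn before the CA certificate itself
# expires, since every certificate it issues is bounded by this date.
$notAfter = [datetime]$ca.CertificateAuthority.NotAfter
if ($notAfter -lt (Get-Date).AddDays(30)) {
    Write-Warning ("Private CA certificate expires on {0:u}; renew it before issuance stops." -f $notAfter)
}
```

Run it on a schedule and alert on anything other than Active; a connector that drops out of ACTIVE stops serving enrollment requests, and domain members that cannot renew silently fall back to expired certificates.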

Verify certificate issuance to AD users

Complete the following steps to confirm that Amazon Private CA is issuing certificates to your self-managed Active Directory:

  • Restart your on-premises domain controllers.

  • View your certificates with Microsoft Management Console. For more information, see Microsoft documentation.
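Restarting a domain member is one way to trigger certificate autoenrollment, but on Windows you can also start it on demand and then inspect the stores from PowerShell, which is easier to script than the MMC Certificates snap-in. The following script is an added example, not code from the Amazon documentation: it runs certutil -pulse to kick off autoenrollment, lists the machine and user certificates issued by your private CA, and confirms that each one chains to a trusted root. It assumes you run it in an elevated PowerShell on a domain-joined machine after the connector shows Active and a template has been published; the CA common name in $CaSubjectCn is a placeholder and should be taken from the Amazon Private CA subject column in the console.

```powershell
# Added example: trigger autoenrollment and verify certificates issued by the private CA.
# $CaSubjectCn is a placeholder; use the CN from the "Amazon Private CA subject" column.
$CaSubjectCn = 'Example Corp Issuing CA'

# Autoenrollment runs at boot/logon and on the Group Policy refresh interval;
# certutil -pulse starts it immediately so you do not have to reboot or wait.
certutil -pulse | Out-Null

# Machine certificates are in LocalMachine\My, user certificates in CurrentUser\My.
# Match on the issuer DN rather than the friendly name so renamed CAs are not missed.
$issued = foreach ($store in 'Cert:\LocalMachine\My', 'Cert:\CurrentUser\My') {
    Get-ChildItem -Path $store |
        Where-Object { $_.Issuer -like "*CN=$CaSubjectCn*" } |
        Select-Object @{ n = 'Store';      e = { $store } },
                      Subject, NotBefore, NotAfter, Thumbprint,
                      # OID 1.3.6.1.4.1.311.21.7 is the Certificate Template Information
                      # extension; it tells you which template produced the certificate.
                      @{ n = 'Template';   e = {
                          ($_.Extensions | Where-Object { $_.Oid.Value -eq '1.3.6.1.4.1.311.21.7' }).Format($false)
                      } }
}

if (-not $issued) {
    Write-Warning ("No certificates issued by CN={0} were found. Check that the template is published " +
                   "on the connector and that this machine or user has Enroll and Autoenroll on it.") -f $CaSubjectCn
    return
}

$issued | Format-Table -AutoSize

# A certificate is only usable for logon or TLS if the client trusts its chain, so
# verify each one; a failure here usually means the private CA's root is missing
# from the Trusted Root Certification Authorities or NTAuth store.
foreach ($entry in $issued) {
    $cert = Get-Item -Path (Join-Path $entry.Store $entry.Thumbprint)
    $status = if ($cert.Verify()) { 'chain OK' } else { 'CHAIN NOT TRUSTED' }
    Write-Host ("{0,-60} {1}" -f $entry.Subject, $status)
}
```

If the stores are empty after certutil -pulse, check the Application event log for CertificateServicesClient-AutoEnrollment events before changing anything on the AWS side; the most common causes are a template that is not yet published on the connector or missing Autoenroll permission for the security group the machine or user belongs to.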