Set up Amazon Private CA Connector for AD
You can integrate your self-managed Active Directory with Amazon Private Certificate Authority using AD Connector to issue and manage certificates for your AD domain-joined users, groups, and machines. Amazon Private CA Connector for AD provides a fully managed Amazon Private CA as a drop-in replacement for your self-managed enterprise CAs without requiring you to deploy, patch, or update local agents or proxy servers.
You can set up this integration through the Amazon Directory Service console, the Amazon Private CA Connector for AD console, or by calling the CreateTemplate API. To use the Amazon Private CA Connector for Active Directory console, see Amazon Private CA Connector for Active Directory. The following sections describe how to set up this integration from the Amazon Directory Service console.
Prerequisites
For setup instructions, see Set up Connector for AD in the Amazon Private CA Connector for AD User Guide.
Setting up Amazon Private CA Connector for AD
To create a Private CA connector for Active Directory
Sign in to the Amazon Web Services Management Console and open the Amazon Directory Service console at https://console.amazonaws.cn/directoryservicev2/.
On the Directories page, choose your directory ID.
Under the Application Management tab and Amazon apps & services section, choose Amazon Private CA Connector for AD.
On the Create Private CA certificate for Active Directory page, complete the steps to create your Private CA for Active Directory connector.
For more information, see Creating a connector.
View your Amazon Private CA Connector for AD
To view Private CA connector details
Sign in to the Amazon Web Services Management Console and open the Amazon Directory Service console at https://console.amazonaws.cn/directoryservicev2/.
On the Directories page, choose your directory ID.
Under the Application Management tab and Amazon apps & services section, view your Private CA connectors and associated Private CA. The following fields display:
Amazon Private CA Connector ID – The unique identifier for an Amazon Private CA connector. Choose it to view the details page.
Amazon Private CA subject – Information regarding the distinguished name for the CA. Choose it to view the details page.
Status – Status check results for the Amazon Private CA Connector and Amazon Private CA:
Active – Both checks pass
1/2 checks failed – One check fails
Failed – Both checks fail
For failed status details, hover over the hyperlink to see which check failed.
DC Certificates Enrollment status – Whether certificate enrollment is enabled for your domain controllers:
Enabled – Certificate enrollment is enabled
Disabled – Certificate enrollment is disabled
Date created – When the Amazon Private CA Connector was created.
For more information, see View connector details.
Verify certificate issuance to AD users
Complete the following steps to confirm that Amazon Private CA is issuing certificates to your self-managed Active Directory:
- Restart your on-premises domain controllers.
- View your certificates with Microsoft Management Console. For more information, see Microsoft documentation.
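As an added example (not part of the AWS documentation), the same check can be done from an elevated PowerShell session on a domain controller after the restart, without opening Microsoft Management Console. It lists certificates in the machine store whose issuer matches your Private CA, decodes the certificate template extension so you can confirm which connector template was used, and runs a chain validation so you know the CA is trusted on the host. The value of $CaSubjectMatch is an assumed placeholder; replace it with a distinctive part of the subject shown in the "Amazon Private CA subject" field of the console.

```powershell
# Added example, not from the AWS documentation.
# Run on a domain controller (elevated) after restarting it, to confirm that
# Amazon Private CA has issued a domain controller certificate.

# Placeholder, constructed for this example: a distinctive part of your CA's subject DN.
$CaSubjectMatch = 'CN=Example Private CA'

# OID of the Microsoft "Certificate Template Information" extension (version 2 templates).
$templateOid = '1.3.6.1.4.1.311.21.7'

# Certificates in the local machine's Personal store issued by the matching CA.
$issued = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Issuer -like "*$CaSubjectMatch*" }

if (-not $issued) {
    Write-Warning "No certificates issued by '$CaSubjectMatch' found in Cert:\LocalMachine\My."
    Write-Warning "Check that the connector's DC Certificates Enrollment status is Enabled, then restart the domain controller again."
    return
}

foreach ($cert in $issued) {
    # Decode the template extension so the template name or OID is readable.
    $templateExt  = $cert.Extensions | Where-Object { $_.Oid.Value -eq $templateOid }
    $templateInfo = if ($templateExt) { $templateExt.Format($false) } else { '(no template extension)' }

    [pscustomobject]@{
        Subject     = $cert.Subject
        Issuer      = $cert.Issuer
        NotAfter    = $cert.NotAfter
        Thumbprint  = $cert.Thumbprint
        Template    = $templateInfo
        HasKey      = $cert.HasPrivateKey          # a DC certificate without its private key is unusable
        ChainValid  = $cert.Verify()               # false means the CA chain is not trusted on this host
        EKU         = ($cert.EnhancedKeyUsageList.FriendlyName -join ', ')
    }
}
```

A healthy result shows at least one certificate with HasKey and ChainValid both true and an EKU list that includes Server Authentication (plus the KDC and Smart Card Logon usages if your template adds them). ChainValid false usually means the Private CA's root or intermediate certificate has not reached the domain controller's trust stores yet.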