Set up Amazon Private CA Connector for AD - Amazon Directory Service
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Set up Amazon Private CA Connector for AD

You can integrate your Amazon Managed Microsoft AD with Amazon Private Certificate Authority (CA) to issue and manage certificates for the users, groups, and machines joined to your Active Directory domain. Amazon Private CA Connector for Active Directory lets you use a fully managed Amazon Private CA as a drop-in replacement for your self-managed enterprise CAs, without deploying, patching, or updating local agents or proxy servers.

Note

Server-side LDAPS certificate enrollment for Amazon Managed Microsoft AD domain controllers with Amazon Private CA Connector for Active Directory is not supported. To enable server-side LDAPS for your directory, see How to enable server-side LDAPS for your Amazon Managed Microsoft AD directory.

You can set up Amazon Private CA integration with your directory through the Directory Service console, through the Amazon Private CA Connector for Active Directory console, or programmatically through the Amazon Private CA Connector for Active Directory API (for example, the CreateConnector and CreateTemplate operations). To set up the Private CA integration through the Amazon Private CA Connector for Active Directory console, see Creating a connector template. The following steps show how to set up this integration from the Amazon Directory Service console.

To set up Amazon Private CA Connector for AD

  1. Sign in to the Amazon Web Services Management Console and open the Amazon Directory Service console at https://console.amazonaws.cn/directoryservicev2/.

  2. On the Directories page, choose your directory ID.

  3. On the Network & Security tab, under Amazon Private CA Connector for AD, choose Set up Amazon Private CA Connector for AD. The Create Private CA certificate for Active Directory page appears. Follow the steps in the console to create a connector for your directory and enroll it with your Private CA. For more information, see Creating a connector.

  4. After you create your connector, follow the steps below to view details, including the connector’s status and the associated Private CA’s status.
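The console procedure above can also be scripted. The following is an added example (not part of the Amazon documentation, and not the console's own logic) that performs the same setup with the AWS CLI: it registers the directory, creates the connector, waits for it to become ACTIVE, and creates the service principal name so domain members can locate the connector. It assumes AWS CLI v2 with the pca-connector-ad and acm-pca commands, credentials permitted to call them, and placeholder values for the directory ID, the Private CA ARN (note the arn:aws-cn partition used in the China Regions), and the security group; all three placeholders are assumptions to replace. The Private CA must already be ACTIVE and in the same Region as the directory, and the script never invokes Amazon unless it is started with the `run` argument, so it can be sourced safely.

```shell
#!/bin/sh
# Added example, not from the Amazon docs. Assumes AWS CLI v2 with the
# pca-connector-ad and acm-pca commands and credentials that can call them.
# DIRECTORY_ID, CA_ARN and SG_ID below are placeholder assumptions.
set -e

DIRECTORY_ID="${DIRECTORY_ID:-d-1234567890}"
CA_ARN="${CA_ARN:-arn:aws-cn:acm-pca:cn-north-1:111122223333:certificate-authority/EXAMPLE}"
SG_ID="${SG_ID:-sg-0123456789abcdef0}"

# Mirrors the console's aggregate Status column: both underlying checks
# (connector ACTIVE, Private CA ACTIVE) pass -> Active; one fails ->
# "1/2 checks failed"; both fail -> Failed.
combined_status() {
  connector="$1"; ca="$2"
  ok=0
  [ "$connector" = "ACTIVE" ] && ok=$((ok + 1))
  [ "$ca" = "ACTIVE" ] && ok=$((ok + 1))
  case "$ok" in
    2) echo "Active" ;;
    1) echo "1/2 checks failed" ;;
    *) echo "Failed" ;;
  esac
}

# Poll the connector until it leaves CREATING. Returns 1 and prints the
# StatusReason when the connector ends up FAILED.
wait_for_connector() {
  arn="$1"
  while :; do
    status=$(aws pca-connector-ad get-connector --connector-arn "$arn" \
               --query 'Connector.Status' --output text)
    case "$status" in
      ACTIVE) return 0 ;;
      FAILED)
        aws pca-connector-ad get-connector --connector-arn "$arn" \
          --query 'Connector.StatusReason' --output text >&2
        return 1 ;;
      *) sleep 15 ;;
    esac
  done
}

# Same three steps the console runs on your behalf.
setup_connector() {
  # 1. Register the directory with the connector service.
  reg_arn=$(aws pca-connector-ad create-directory-registration \
              --directory-id "$DIRECTORY_ID" \
              --query 'DirectoryRegistrationArn' --output text)
  # 2. Create the connector that binds the Private CA to the directory.
  conn_arn=$(aws pca-connector-ad create-connector \
               --directory-id "$DIRECTORY_ID" \
               --certificate-authority-arn "$CA_ARN" \
               --vpc-information "SecurityGroupIds=$SG_ID" \
               --query 'ConnectorArn' --output text)
  wait_for_connector "$conn_arn"
  # 3. Create the service principal name so domain-joined machines can
  #    find the connector for certificate enrollment.
  aws pca-connector-ad create-service-principal-name \
    --connector-arn "$conn_arn" --directory-registration-arn "$reg_arn" >/dev/null
  echo "$conn_arn"
}

# Reproduce the console's Status column from the two underlying checks.
show_status() {
  conn_arn="$1"
  conn=$(aws pca-connector-ad get-connector --connector-arn "$conn_arn" \
           --query 'Connector.Status' --output text)
  ca=$(aws acm-pca describe-certificate-authority \
         --certificate-authority-arn "$CA_ARN" \
         --query 'CertificateAuthority.Status' --output text)
  printf 'connector=%s ca=%s => %s\n' "$conn" "$ca" "$(combined_status "$conn" "$ca")"
}

# Only touch Amazon when explicitly asked: ./setup-connector.sh run
if [ "${1:-}" = "run" ]; then
  arn=$(setup_connector)
  show_status "$arn"
fi
```

Certificate templates are a separate step (create-template) and are not shown here; see Creating a connector template. A connector whose Private CA is later disabled or deleted will show as one failed check in the console even though the connector itself stays ACTIVE, which is why show_status queries both services rather than only the connector.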

To view Amazon Private CA Connector for AD

  1. Sign in to the Amazon Web Services Management Console and open the Amazon Directory Service console at https://console.amazonaws.cn/directoryservicev2/.

  2. On the Directories page, choose your directory ID.

  3. Under Network & Security, under Amazon Private CA Connector for AD, you can view your Private CA connectors and associated Private CA. By default, you see the following fields:

    1. Amazon Private CA Connector ID — The unique identifier for an Amazon Private CA connector. Choosing it opens the details page for that Amazon Private CA connector.

    2. Amazon Private CA subject — The distinguished name of the CA. Choosing it opens the details page for that Amazon Private CA.

    3. Status — Derived from two status checks, one for the Amazon Private CA Connector and one for the Amazon Private CA. If both checks pass, Active displays. If one check fails, 1/2 checks failed displays. If both checks fail, Failed displays. To see which check failed, hover over the status link, then follow the instructions in the console to remediate.

    4. Date created — The date on which the Amazon Private CA Connector was created.

For more information, see View connector details.