Hi Herman, again, thank you very much for answering.
I ran tests in an isolated lab environment and everything worked correctly with a single server acting as both Domain Controller and CA, so all my tests worked for me. The point in the production scenario is that the Domain Controller has been having problems for all the roles that already exist, and the client does not want to add another point of failure or something that could fail when installing it on the Domain Controller.
I have already imported the certificate into the "Trust list" of Clearpass, and on the Domain Controller I have already imported the same certificate into the certificate folders trusted root certification entities and Personal, but I still get the same error: when trying to browse the domain controller tree with AD over SSL security, I get the error that there is no communication.
I will try the OpenSSL command to identify who is using that port or what certificate it is. I can run it from any PC in the domain, right? Or does it have to be run specifically on the Domain Controller?
- According to what I have found on the internet, I should only have to import the certificate on the Domain Controller, but it has not worked for me.
- I understand that the best and easiest practice is to make the Domain Controller the CA, since at the moment it did not let me set it as "Enterprise" and I had to set it as "Standalone" in the installation process because it is not the Domain Controller; had it been the Domain Controller, the "Enterprise" option would have appeared in the installation process.
- In Standalone mode, when I go to http://ip-server-ca/certsrv and upload the Clearpass CSR, the CA does not give me the option to select the "Web Server" template. From what I understand, I also lose that because it is not the Domain Controller: being "Standalone", the "Template" option does not appear and I cannot assign that template to the Clearpass CSR, so I think that may also be affecting this.
I appreciate your time, Herman.
Thank you.
Greetings.