Brand New AD Certificate Services deployment
Hello everybody, I have been tasked with deploying certificate services within our organisation. I have a couple of questions which hopefully somebody can help me with.

We are a medium-sized business, between 400-450 users, around 25 Windows servers doing various jobs across 4 main sites. Windows 2003 R2 and 2008 R2 domain controllers still in operation. I am planning the following: a single tier deployment, with 1 online Enterprise CA. Windows Server 2008 R2.

My question is this - when I install AD certificate services with the roles wizard and it asks for the name of the CA, by default in this part of the wizard some of my domain information is there. For example, if my domain was called "contoso.local" and the server was named "Server1", the CA would be named Server1-Contoso.local-CA or something like that. Is there a danger in exposing my domain information like this and, if so, in this part of the roles wizard can I just give it any logical name that will appear on certificates? Does this name really matter to the deployment at all?

Many thanks for any help you can provide. Cheers! grahamcoffer
January 16th, 2012 4:22am

You can give your CA any name, not necessarily related to your domain and/or server names. The name itself does not affect any operations in your deployment. Please notice that there are other places where the AD domain name is visible in your enterprise PKI. The CDP and AIA attributes of all issued certificates normally contain both the name of the CA server and the domain it is a member of. /Hasain
January 16th, 2012 9:44am
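
To see which internal names the CDP and AIA locations mentioned in the reply above disclose, the following added example (not part of the original thread) parses those URLs and lists the host, domain and object names they carry. The sample URLs are constructed from the thread's "Server1" / "contoso.local" example; the function names, the `URL=` text matching and the certificate path are assumptions of this sketch.

```powershell
# Added example, not from the thread. Requires PowerShell 3.0 or later.
# Reports the server and AD domain names that CDP/AIA URLs reveal.

function Get-DisclosedName {
    param([string[]]$Url)
    # Fixed container names in the AD configuration partition; not deployment-specific.
    $fixed = 'CDP', 'AIA', 'Public Key Services', 'Services', 'Configuration'
    foreach ($u in $Url) {
        if ($u -match '^ldap:///') {
            # Strip scheme and query string, then decode %20 etc. to get the DN.
            $dn = [uri]::UnescapeDataString((($u -replace '^ldap:///', '') -replace '\?.*$', ''))
            $dc = [regex]::Matches($dn, '(?i)DC=([^,]+)') | ForEach-Object { $_.Groups[1].Value }
            $cn = [regex]::Matches($dn, '(?i)CN=([^,]+)') | ForEach-Object { $_.Groups[1].Value } |
                  Where-Object { $_ -notin $fixed }
            [pscustomobject]@{ Scheme = 'ldap'; Name = ($dc -join '.'); Labels = ($cn -join ', ') }
        }
        elseif ($u -match '^(https?|file)://') {
            $uri = [uri]$u
            [pscustomobject]@{ Scheme = $uri.Scheme; Name = $uri.Host; Labels = $uri.Segments[-1] }
        }
    }
}

function Get-CertRevocationUrl {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)
    # 2.5.29.31 = CRL Distribution Points, 1.3.6.1.5.5.7.1.1 = Authority Information Access.
    # Assumption: Windows renders each location in Format() output as "URL=<value>".
    $Certificate.Extensions |
        Where-Object { $_.Oid.Value -in '2.5.29.31', '1.3.6.1.5.5.7.1.1' } |
        ForEach-Object { [regex]::Matches($_.Format($true), 'URL=(\S+)') } |
        ForEach-Object { $_.Groups[1].Value }
}

# Constructed sample URLs (thread's example names, AD CS default URL layout).
$sample = @(
    'ldap:///CN=Server1-Contoso-CA,CN=Server1,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=contoso,DC=local?certificateRevocationList?base?objectClass=cRLDistributionPoint',
    'http://Server1.contoso.local/CertEnroll/Server1-Contoso-CA.crl'
)
Get-DisclosedName -Url $sample | Format-Table -AutoSize

# Against a real issued certificate (path is a placeholder):
# $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 'C:\path\to\issued.cer'
# Get-DisclosedName -Url (Get-CertRevocationUrl $cert)
```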

Thanks for the reply Hasain, much appreciated. grahamcoffer
January 16th, 2012 10:52am

This topic is archived. No further replies will be accepted.
