How certificates are implemented

Table 8-2 Certificate store directories and files

| Component | Directory |
|---|---|
| Secondary server | Certs: Contains the login CA and server certificates. |
| Secondary server | Private-keys: Contains the private keys for the login CA and servers. |
| Secondary server | Cert-signing-requests: Empty. |
| Secondary server | Roots: Contains the root certificate for the first server group in which it is a member. Might also contain root certificates for other server groups. |
| Clients | Certs: Empty. |
| Clients | Private-keys: Empty. |
| Clients | Cert-signing-requests: Empty. |
| Clients | Roots: Contains the root certificate for the first server group in which it is a member. Might also contain root certificates for other server groups to permit roaming. |

File naming conventions

Certificate names contain globally unique identifiers (GUIDs). GUIDs are unique
IDs that are installed on each computer to prevent name collisions so that you
can move servers from one server group to another. Certificate names also
contain counters to provide historical records of a server's previous
membership in the same domain and to permit the reissuing of a certificate to
the same entity. Server group names are not included in certificates or file
names so that you can rename server groups.

File naming conventions fall into the following categories:
■ Server group root certificates and private keys
■ Server certificates and private keys
■ Login CA certificates and private keys
■ Certificate signing requests

Server group root certificates and private keys

The following examples show server group root certificate and private key
naming conventions:
■ <server-group-guid>.<counter>.servergroupca.cer
■ <server-group-guid>.<counter>.servergroupca.pvk
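
The following is an added example, not code from this document or from the product: a Python check that parses the server group root file naming convention and compares a certificate store listing with the Empty entries of Table 8-2. The canonical GUID text form, the decimal counter, the names `parse_root_name` and `audit_store`, and the sample listing are assumptions made for illustration.

```python
import re

# Assumption: the GUID is written in canonical 8-4-4-4-12 hex form and the
# counter is a decimal integer; the document shows only the placeholders.
ROOT_NAME = re.compile(
    r"^(?P<guid>[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})"
    r"\.(?P<counter>\d+)\.servergroupca\.(?P<ext>cer|pvk)$", re.IGNORECASE)

# Directories that Table 8-2 lists as "Empty" for each component.
MUST_BE_EMPTY = {
    "secondary server": {"Cert-signing-requests"},
    "client": {"Certs", "Private-keys", "Cert-signing-requests"},
}

def parse_root_name(filename):
    """Return (guid, counter, ext) for a server group root file name, else None."""
    m = ROOT_NAME.match(filename)
    return (m["guid"].lower(), int(m["counter"]), m["ext"].lower()) if m else None

def audit_store(component, listing):
    """Compare a {directory: [file names]} listing with Table 8-2."""
    findings = []
    for directory in sorted(MUST_BE_EMPTY[component]):
        for name in listing.get(directory, []):
            findings.append(f"{directory}/{name}: directory is listed as empty on a {component}")
    for name in listing.get("Roots", []):
        parsed = parse_root_name(name)
        if parsed is None:
            findings.append(f"Roots/{name}: not a server group root file name")
        elif parsed[2] == "pvk":
            findings.append(f"Roots/{name}: private key; Table 8-2 lists only root certificates here")
    return findings

# Constructed sample listing for a client; the GUIDs and file names are made up.
SAMPLE_CLIENT = {
    "Private-keys": ["leftover.pvk"],
    "Roots": [
        "0f8fad5b-d9cb-469f-a165-70867728950e.0.servergroupca.cer",
        "7c9e6679-7425-40de-944b-e07fc1f90ae7.1.servergroupca.pvk",
        "rename-me.cer",
    ],
}

if __name__ == "__main__":
    for finding in audit_store("client", SAMPLE_CLIENT):
        print(finding)
```
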