EAIT Internal CA

Used for signing smartcard authentication certificates and constrained intermediates in the Faculty of EAIT.

AD CS intermediates are constrained (using X.509 NameConstraints) to only signing Computer certificates for Windows workstations and servers in the relevant domain. These are used primarily for RDP access, and enforced by rdp.eait.uq.edu.au.

We also have an ACME intermediate, similarly constrained, with directory URL https://acme.eait.uq.edu.au/acme/acme/directory, which can sign certificates for non-Windows workstations.

Root CA certificates (X.509)

Intermediate CA certificates (X.509)

Certificate revocation lists (CRLs)

Signed every 2-4 weeks.

AD CS CRLs are also available in LDAP for machines which are members of the domain.