Strata Copilot
    Next-Gen Trust Security
    : Add Microsoft AD CS
    Focus
    Focus
    1. Home
    2. Next‑Gen Trust Security
    3. Next-Gen Trust Security
    4. Next-Gen Trust Security overview
    5. Overview: certificate issuance
    6. Adding a certificate authority
    7. Add Microsoft AD CS

    Next-Gen Trust Security

    Add Microsoft AD CS

    Table of Contents

    Add Microsoft AD CS

    Many organizations use Microsoft Active Directory Certificate Services (AD CS) to issue internally trusted certificates. Integrating Microsoft AD CS with Next-Gen Trust Security provides visibility into certificates issued by Microsoft AD CS and supports certificate issuance through that certificate authority.

    How it works

    Microsoft AD CS connects to Next-Gen Trust Security by using a VSatellite and a VSatellite Worker.
    The VSatellite is installed on a Linux server and provides a secure connection point between your internal network and Next-Gen Trust Security.
    The VSatellite Worker connects the VSatellite to your Microsoft AD CS server.

    What’s next

    The topics in this section describe how to set up and configure the AD CS integration with Next-Gen Trust Security.
    Before you begin, ensure that you have servers available for the VSatellite and VSatellite Worker. For details, see the system requirements.
    Your AD CS service must also meet specific configuration requirements. For details, see Setting up Microsoft AD CS.
    After the servers are in place and AD CS is configured, follow the remaining setup steps described in Issuing certificates with Microsoft AD CS.

    © 2026 Palo Alto Networks, Inc. All rights reserved.