content changes

2025-06-18 03:43:39 +00:00 · 2017-08-22 11:33:07 -07:00
parent d69373774c
commit 3b7d2c9401
1 changed files with 1 additions and 1 deletions
--- a/windows/access-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md
+++ b/windows/access-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md
@ -33,7 +33,7 @@ This section has you configure certificate templates on your Windows Server 2012
 ### Domain Controller certificate template
-Clients need to trust domain controllers and the best way to do this is to ensure each domain controller has a Kerberos Authentication certificate.  Installing a certificate on the domain controller enables the Key Distribution Center (KDC) to prove its identity to other members of the domain.  This provides clients a root of trust external to the domain<EFBFBD>namely the enterprise certificate authority.
+Clients need to trust domain controllers and the best way to do this is to ensure each domain controller has a Kerberos Authentication certificate.  Installing a certificate on the domain controller enables the Key Distribution Center (KDC) to prove its identity to other members of the domain.  This provides clients a root of trust external to the domain - namely the enterprise certificate authority.
 Domain controllers automatically request a domain controller certificate (if published) when they discover an enterprise certificate authority is added to Active Directory.  However, certificates based on the *Domain Controller* and *Domain Controller Authentication* certificate templates do not include the **KDC Authentication** object identifier (OID), which was later added to the Kerberos RFC.  Therefore, domain controllers need to request a certificate based on the Kerberos Authentication certificate template.