RE: Issue Certificate to AD Users
From: Dmitrii Zakharov[MSFT] (dmitriiz_at_online.microsoft.com)
Date: 04/05/04
- Next message: Dmitrii S. Zakharov [MSFT]: "Re: Issue Certificate to AD Users"
- Previous message: Sahil: "Re: CAPI to CAPICOM"
- In reply to: Allie: "Issue Certificate to AD Users"
- Next in thread: Dmitrii S. Zakharov [MSFT]: "Re: Issue Certificate to AD Users"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 4 Apr 2004 23:21:05 -0700
Hi, Allie,
x509 certificates are not directly associated with Active Directory. They
are issued to so called Common Name (CN). However, an AD user, logged into
windows, can install his certificate to CurrentUser system store. That way
programs running in his logon session will have access to his certificate
and will use it for establishing SSL connection.
In addition, you can use Active Directory to establish explicit mapping of a
certificate to domain account. (Ask if you need more details on exact
procedure). In that case such a certificate should be stored at Domain
Controller.
Now, what about issuing certificates, you will have to install Certificate Authority (CA) on your server.
(To do that you will have to go to Add-Remove programs -> Add Windows Components -> Certificate Services).
(Then you will go to run --> mmc --> add snap-in, and choose CA). CA has help that should be sufficient for issuing
certificates.
-Dmitrii
- Next message: Dmitrii S. Zakharov [MSFT]: "Re: Issue Certificate to AD Users"
- Previous message: Sahil: "Re: CAPI to CAPICOM"
- In reply to: Allie: "Issue Certificate to AD Users"
- Next in thread: Dmitrii S. Zakharov [MSFT]: "Re: Issue Certificate to AD Users"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
