Re: Auto-Enrollment of Certificates

From: Michiko Short [MSFT] (michikos_at_online.microsoft.com)
Date: 01/13/05 

Date: Thu, 13 Jan 2005 11:12:21 -0800

Priya,
First, to answer your question about why you cannot see the Certificate
Templates snap-in. This is a Active Directory configuration, so assuming
your Windows XP system is part of an Active Directory environment, you need
to install the Administration Tools Pack (Adminpak.msi).

This whitepaper describes how to use auto-enrollment with Windows Server
2003 CAs. For this to work you need to have an Active Directory environment
using Windows Server 2003 issuing CAs and the workstations must belong to a
domain. This is explained under "Key Points" in "How Autoenrollment Works".

Auto-enrollment cannot be used to get certs from third party CAs. If you
wanted to use autoenrollment with the Verisign hiearchy then you would need
to work with Verisign and deploy a Windows Server 2003 subordinate CA in
your environment.

Did that answer your questions? 

--
Michiko Short [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights.
Please do not send e-mail directly to this alias. This alias is for 
newsgroup purposes only.
"Priya" <Priya@discussions.microsoft.com> wrote in message 
news:50FFF9E9-4A82-4A6A-8BD6-A7075D5F3508@microsoft.com...
> Hello All,
>
> Below is a link, which is a white paper for Auto-enrollment of 
> Certificates:
>
> http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/autoenro.mspx
>
> I tried to follow the mentioned steps, but i didnot find Certiifcate
> template in the 'Add Standalone Snap-In', I can just see Certificates 
> option
> there. Let me tell you that I have Windows XP OS. So, please let me know 
> how
> to go about it. Also, I wanted to know if this is an alternative to get 
> the
> certificates for our CSPs from certain authorized organization like
> VeriSign.com.
>
> Thanks in advance.
>
> Regards,
> Priya.
>

Relevant Pages

  • Re: Auto-Enrollment of Certificates
    ... What I understood from your reply is that I need to have an Active Directory ... hiearchy then you would need to work with Verisign and deploy a Windows ... Server 2003 subordinate CA in your environment." ... certificates provides a quick and simple way to issue certificates to users ...
    (microsoft.public.platformsdk.security)
  • Address Book over LDAPS
    ... Ok i've read many articles about certificates and secure ldap, ... I have a windows 2000 active directory, that i want to give access to ...
    (microsoft.public.win2000.active_directory)
  • Address Book over LDAPS
    ... Ok i've read many articles about certificates and secure ldap, ... I have a windows 2000 active directory, that i want to give access to ...
    (microsoft.public.access.security)
  • Re: AD sites and services
    ... A search for "Active Directory Sites" yeilds the following: ... After an Unsuccessful Domain Controller Demotion" ... http://support.microsoft.com?kbid=220140 "FRS Replication Protocol and Topology ... Windows 2000 Domain Controllers" ...
    (microsoft.public.win2000.active_directory)
  • Re: Migration AD from Windows 2000 to 2003
    ... Do you want to migrate or upgrade the existent Forest? ... Best Practice Active Directory Design for Managing Windows Networks ... Windows Server 2003 Tools ...
    (microsoft.public.windows.server.active_directory)