Re: Adding the Certificate Templates to the Certification Authority
From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 01/07/05
- Next message: jive_dancer: "zombie network ?"
- Previous message: Steven L Umbach: "Re: Logging OU access Event ID's"
- In reply to: Michael Shire: "Adding the Certificate Templates to the Certification Authority"
- Next in thread: Randy Franklin Smith: "Re: Adding the Certificate Templates to the Certification Authority"
- Reply: Randy Franklin Smith: "Re: Adding the Certificate Templates to the Certification Authority"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 7 Jan 2005 11:32:33 -0600
Yes, version 2 templates are only available from a W2003 Enterprise CA. The
link below for Windows 2003 WIFI has a bunch of articles. You can use the
older templates for users for users and for computers to obtain the
necessary certificates [it worked for me]. It is much easier to set up on
XP, though MS does have 802.1X download for Windows 2000. I have not had
much luck with WPA using Windows 2000. XP has WPA supplicant built in and
you will need the Funk supplicant [ not free last time I checked] or one
from the wireless card manufacturer IF they provide one. You may just want
to use PEAP which does not require certificates on the clients. With PEAP
you still will have much improved security due to dynamic WEP. EAP-TLS is
nice however on that it insures that more than a logon name/password is
required to gain access to the WAP which can keep unauthorized computers off
the network. I believe there is also a wireless newsgroup for Microsoft that
you may post in to see if others have tried what you want top do. --- Steve
http://www.microsoft.com/windowsserver2003/technologies/networking/wifi/default.mspx
"Michael Shire" <MichaelShire@discussions.microsoft.com> wrote in message
news:8B05BDA8-BAF5-4B24-A4C5-0D2278526664@microsoft.com...
> Still following the Microsoft Securing WLANs deployment guide. I'm adding
> the certificate templates to the CA, but the newly created (duplicated)
> ones
> don't show up on the "New->Certificate Template to Issue" list.
>
> The Certificate Templates say the "Minimum supported CAs" are Windows
> 2003,
> Enterprise Edition. If I don't have Enterprise Edition on the CA, I guess
> I
> can't issue those templates.
> Q1: Is this because they are V2 templates?
> Q2: Is there a "Build Guide for Securing Wireless LANS - A Windows Server
> *2000* Certificate Services Solution"?
> Q3: If I don't want to install Win2K3 EE on the CA, is there another
> adequate template I can use for users, computers, and servers?
>
> FYI, I'm going into this PKI solution with my users on a NT4 domain. All
> users are in a Windows 2000 native mode AD, configured with SIDhist
> pointing
> to the NT4 account. My wireless PCs will be Windows 2000 which means no
> WZC
> or auto-enrollment. I figured I can get around the V2 enrollment by using
> the Web.
>
> Q4: Did I bite off more than anyone else would attempt to chew?
- Next message: jive_dancer: "zombie network ?"
- Previous message: Steven L Umbach: "Re: Logging OU access Event ID's"
- In reply to: Michael Shire: "Adding the Certificate Templates to the Certification Authority"
- Next in thread: Randy Franklin Smith: "Re: Adding the Certificate Templates to the Certification Authority"
- Reply: Randy Franklin Smith: "Re: Adding the Certificate Templates to the Certification Authority"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
