On Mon, 30 Apr 2007 08:38:01 -0700, KeyMaster wrote:
would be the options there? Is there a website where they could download this
from?
Let's say I assign a cert to a web server that is accessible from the
outside using certs from my internal cert server. When browsing the website
from our domain the certification path is good, but when browsed from a
customer they get all the certificate errors. What certs would they need, the
issuing CA and the root CA cert's or just the root?
Bare minimum, they need to add the root Ca to the trusted root store (if
their company allows them to do this).
Additionally, you would need to configure the PKI to have externally
accessible URLs for each CA in the hierarchy for their CDP and AIA.
The default certsrv Web page has an option to download the certificate
chain, allowing the user to install the certificate into the appropriate
stores
Re: Newbie wants to learn about PKI Server 2003...... ... 2003 PKI Certificate Security", and have been lurking here for a bit. ... We will implement a 2 tier heirarchy, with the Root CA being offline. ... All clients that attempt revocation checking will first attempt to retrieve the CRL from the ... level below a self-signed cert, so applications that are 3280 compliant would never check the ... (microsoft.public.windows.server.security)
Re: Change validatiy period of a Root certificate ... should not have either an AIA or a CDP URL in it" But when I go to install ... my subordinate stand alone CA it asks me for a Root CA to get it's cert from. ... I picks up my newly created standalone Root CA. ...certificate, copying the certificate to removable media and then installing ... (microsoft.public.security)
Re: Schannel CertificateChainValidation failing ... I am not fully up to speed with certs (root, end entity, ...valid Windows trusted root cert.... You've enabled certificate revocation checking, and the validation code... (microsoft.public.platformsdk.security)
Re: WM5 PEAP with Certificates ... to connect to our wireless with my Axim x51v. ... in the trusted root certificate area.... EAP/TLS and you do need a user and root cert on the device. ... (microsoft.public.pocketpc.wireless)
Re: Smart Card Logon ... Is the root CA issuing the EE certs? ... The issuing CA cert goes in the NTAUTH ... > 2) Created a certificate trust list for it. ... > and validated the third party smart card logon certificate... (microsoft.public.win2000.security)
