Re: Smart Card Logon
From: David Cross [MS] (dcross@online.microsoft.com)
Date: 01/27/03
- Next message: Ash: "Blocking UDP port"
- Previous message: David Cross [MS]: "Re: EFS confirmation"
- In reply to: HCJ: "Smart Card Logon"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "David Cross [MS]" <dcross@online.microsoft.com> Date: Mon, 27 Jan 2003 06:57:45 -0800
Are the CRLs all accessible and available in the certs for the entire chain?
-- David B. Cross [MS] -- This posting is provided "AS IS" with no warranties, and confers no rights. http://support.microsoft.com "HCJ" <harvil@aol.com> wrote in message news:088201c2c31d$6af479f0$cef82ecf@TK2MSFTNGXA08... > Here's the Scenerio: > > I would like to use smart cards issued by an "external > Root CA" to be able to logon to my domain (locally). > First of all is this possible? Guidelines I've read talk > about third party CAs and Offline CA, but not > explicitly "External CAs". > > Here's what I've done: > > 1) Setup Account for external smart card user and mapped > smart card logon cert to account in AD. > 2) Placed external CAs Root certificate in Trusted CA > Store in Group Policy > 3) Loaded External Root CA Certs in NTAuth Store in AD > 4) Used "DSSTORE -checksc" utility to validate certifcate > chain on smart card on target workstation > 5) Issued domain controller certificate to my Domain > Controller (Internal CA Issued cert) > > These are the highlights. > What am I missing? > >
- Next message: Ash: "Blocking UDP port"
- Previous message: David Cross [MS]: "Re: EFS confirmation"
- In reply to: HCJ: "Smart Card Logon"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
