Re: CA and IIS

From: krish shenoy[MS] (kshenoy@online.microsoft.com)
Date: 04/18/03 

From: "krish shenoy[MS]" <kshenoy@online.microsoft.com>
Date: Fri, 18 Apr 2003 11:48:22 -0700

You need an alternate mechanism to distribute client certs to users.
In windows 2003 enterprise server you can achieve this through user
autoenrollment
In win2000 you can use certificate snapin or web enrollment to have users
enroll for ("User" template certificate for enterprise CAs
or client authentication certificate for Standalone CAs. Then make sure the
Issuing CA is trusted by the web server machine.
IE will pick the certificate for client auth 

-- 
This posting is provided "AS IS" with no warranties and confers no rights.
Use of any included samples is subject to the terms specified at
http://www.microsoft.com/info/copyright.htm"
"cy" <noprob@adpost.com> wrote in message
news:084e01c30483$add01cf0$3301280a@phx.gbl...
> i run cert server on one server and IIS on another. On the
> web server, i created a page that requrie client cert. In
> this who will issue the client cert to the clients that
> will be recognise by the  webserver? Pls show me how. Tks.
>
>
> >-----Original Message-----
> >Yes they can be run on different servers.  The cert is
> recognized because it
> >is issued by the CA and has a Trust path.
> >
> >-- 
> >Rick Kingslan  MCSE, MCSA, MCT
> >Microsoft MVP - Active Directory
> >Associate Expert
> >Expert Zone - www.microsoft.com/windowsxp/expertzone
> >
> >
> >"cy" <noprob@adpost.com> wrote in message
> >news:07d801c303c9$4e6e09d0$3001280a@phx.gbl...
> >> Must IIS and Certificate server (root CA or SubCa) be on
> >> the same server? Can I use IIS (with client cert
> >> authentication) on one server and run certificate server
> >> onanother machine? If can be doe, how will the IIS know
> >> the cert is the correct one?
> >>
> >>
> >
> >.
> >

Relevant Pages