Re: View certificate database

From: David Cross [MS] (dcross_at_online.microsoft.com)
Date: 04/29/03


Date: Tue, 29 Apr 2003 05:43:25 -0700


If the user has the same UPN value (name) as in the subjaltname of the cert,
the cert is implicitly trusted. The mapping is done via the UPN.

-- 
David B. Cross [MS]
--
This posting is provided "AS IS" with no warranties, and confers no rights.
http://support.microsoft.com
"Deweirt Steven" <sdeweirt@hotmail.com> wrote in message
news:O6gtLgiDDHA.2100@TK2MSFTNGP11.phx.gbl...
> Can somebody help? I want to know if the mapping between a user certificate
> and user happens on the SID or what?
> Because if I delete the user and recreate it with the same name he has back
> access to the certificate secured objects.
>
> Thx
>
> "youpski" <youpski@remove_hotmail.com> wrote in message
> news:004401c30e16$5bf94cc0$3401280a@phx.gbl...
> > Yes, that is what you would think. Authenticated Users
> > has read access there by default. Still, no authenticated
> > user can access the database. So the problem lies
> > somewhere else.
> >
> > thnx anyway Y
> >
> >
> > >-----Original Message-----
> > >You need to provide Read access to the desired users or group. You can do
> > >that in the Security tab of the CA snapin
> > >
> > >--
> > >This posting is provided "AS IS" with no warranties and confers no rights.
> > >Use of any included samples is subject to the terms specified at
> > >http://www.microsoft.com/info/copyright.htm
> > >"youpski" <youpski@remove_hotmail.com> wrote in message
> > >news:03a301c30d8f$b8a855b0$3001280a@phx.gbl...
> > >> Hello, how do I allow or delegate non-administrators to
> > >> view the Certificate Database on a CA server. When you
> > >> are not a member of the local Administrators group on the
> > >> CA server you receive an "Access Denied" 0x5 when
> > >> opening the Certification Authority snap in on a remote
> > >> computer. When you are a member of the Administrators
> > >> group on the CA server you can view the database (no
> > >> Access Denied error) but you can also revoke certificates
> > >> and alter the database settings. I want other people to
> > >> just view the database using the MMC snap in on their
> > >> local machine. View the pending, issued and failed
> > >> requests on the CA server... they may not alter the
> > >> database or the settings, just view it.
> > >>
> > >> thnx Y
> > >
> > >
> > >.
> > >
>
>
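
The thread's point is that the mapping follows the UPN in the certificate rather than the SID, so a certificate issued to a deleted account still maps to a re-created account with the same name. The following is an added example, not part of the original thread: it flags such certificates in a constructed inventory. All field names, serials, SIDs and dates are assumptions made up for illustration.

```python
from datetime import date

# Constructed inventory (not from the thread): certificates a CA has issued and
# the accounts that currently exist in the directory. Field names are assumed.
ISSUED_CERTS = [
    {"serial": "1001", "san_upn": "Alice@example.test", "not_before": "2003-01-10",
     "not_after": "2004-01-10", "revoked": False},
    {"serial": "1002", "san_upn": "bob@example.test", "not_before": "2003-02-01",
     "not_after": "2004-02-01", "revoked": False},
    {"serial": "1003", "san_upn": "carol@example.test", "not_before": "2003-01-15",
     "not_after": "2004-01-15", "revoked": True},
    {"serial": "1004", "san_upn": "dave@example.test", "not_before": "2001-03-01",
     "not_after": "2002-03-01", "revoked": False},
]
ACCOUNTS = [
    # alice, carol and dave were deleted and re-created: new SID, same UPN.
    {"upn": "alice@example.test", "sid": "S-1-5-21-1-2-3-2101", "created": "2003-04-20"},
    {"upn": "bob@example.test", "sid": "S-1-5-21-1-2-3-1104", "created": "2002-06-01"},
    {"upn": "carol@example.test", "sid": "S-1-5-21-1-2-3-2102", "created": "2003-04-21"},
    {"upn": "dave@example.test", "sid": "S-1-5-21-1-2-3-2103", "created": "2003-04-22"},
]


def stale_upn_mappings(certs, accounts, today):
    """Return (serial, upn, sid) for every still-usable certificate that was
    issued before the account now holding its UPN was created."""
    # Assumption: UPN matching is case-insensitive, so normalise before lookup.
    by_upn = {a["upn"].lower(): a for a in accounts}
    findings = []
    for cert in certs:
        account = by_upn.get(cert["san_upn"].lower())
        if account is None:
            continue  # no account with this UPN, so nothing to map to
        usable = (not cert["revoked"]
                  and date.fromisoformat(cert["not_after"]) >= today)
        predates = (date.fromisoformat(cert["not_before"])
                    < date.fromisoformat(account["created"]))
        if usable and predates:
            findings.append((cert["serial"], account["upn"], account["sid"]))
    return findings


if __name__ == "__main__":
    for serial, upn, sid in stale_upn_mappings(ISSUED_CERTS, ACCOUNTS, date(2003, 4, 29)):
        print(f"revoke candidate: serial {serial} maps to {upn} ({sid})")
```

Each finding is a certificate that predates the account it now maps to, which makes it a candidate for revocation when an account is deleted or its name is reused.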

