Re: Issuing Certificates

From: Vishal Agarwal[MSFT] (vishala_at_online.microsoft.com)
Date: 05/02/03 

Date: Fri, 2 May 2003 13:13:19 -0700

Can you verify that the certificates issued are for other DC machines?
As soon as an enterprise CA comes online in a domain, the DC will attempt to
get the DC certificates.

Hope it helps,
Vishal 

-- 
This posting is provided "AS IS" with no warranties, and confers no rights
"Gabe Matteson" <gmatteson@cox.net> wrote in message
news:uLPkAANEDHA.584@TK2MSFTNGP12.phx.gbl...
> This is my situation.
>
> I have installed an enterprise CA on my DC. After viewing the certificate
> store, I only have one CA cert. which is good. Now when I went into the
> domain security policy and added the CA certificate to the "trusted root
> certificates" after waiting a while, I view the issues certs from in the
CA
> mmc. I have about 5 certs. These certs. Are from other machines in the
> domain, I would like to know why those machines have certs when I didn't
> issue them any... I'm just a little confused on where they came from...
>
> - Gabe
>
> The only cert i issued was an admin cert for file recovery. picture is
> attached...
>
> Really appreciate the help.
>
> "Rajesh Kumar [MSFT]" <rajkumar@online.microsoft.com> wrote in message
> news:uRaqU9FEDHA.2368@TK2MSFTNGP11.phx.gbl...
> >
>
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechn
> > ol/windowsserver2003/proddocs/server/sec_auth_certobtainsrv.asp talks
> about
> > how to do that.
> > Basically you need to ensure following:
> > 1. Enterprise CA is configured to issue "User" certificate template (CA
> > snap-in->Policy settings)
> > 2. Authenticated users have enroll permission on "User" certificate
> template
> > Domain users can request certificate through Certificate snap-in or
> through
> > web page http:// Machine Name>/certsrv. Later requires IIS to be
> > installed on the CA machine.
> >
> > Rajesh
> >
> > -
> > This posting is provided "AS IS" with no warranties and confers no
rights.
> >
> > "Gabe Matteson" <gmatteson@cox.net> wrote in message
> > news:#CgKAEEEDHA.2596@TK2MSFTNGP11.phx.gbl...
> > > How do I issue a user a certificate, I have AD and an enterprise ca. I
> > want
> > > them to have their own certs so that they can encrypt their files and
> sign
> > > their email? can anyone shed some light? thank you.
> > > - Gabe
> > >
> > >
> >
> >
>
>
>

Relevant Pages

  • Re: Problem with Certificate and Encryption
    ... the 'format' does not offer NTFS but if you use 'CONVERT ... Certificate, I have deleted it and had the system re-create new one. ... > Adding users is going to be a little complicated unless the machines are in> a domain and can guarantee that the users> will always use the same certificates. ... The encryption method seem to be> same ...
    (microsoft.public.windowsxp.security_admin)
  • Code Signing Cert not trusted?
    ... I have a Windows 2003 Standard Server installed as an Enterprise CA in my root domain. ... I have granted my user account a Code Signing certificate and successfully signed an Excel macro. ... I have verified that on my workstation the Enterprise CA is indeed in the Trusted Publishers store (this is replicated to all machines in our domain) and the certificate is valid on the CA. ...
    (microsoft.public.windows.server.security)
  • Re: Problem with Certificate and Encryption
    ... All the machines are XP. ... The encryption method seem to be same ... > the certificate and that you are using the ... >> of Authenticity that comes from the originating PC's ...
    (microsoft.public.windowsxp.security_admin)
  • Why doesnt IPSEC respect revoked certificates.
    ... Enterprise Certificate Authority, ... issued Offline IPSEC Certificates to two machines - both in different ... Restarted IPSEC Policy Agent on both machines. ...
    (microsoft.public.win2000.security)
  • Re: Issuing Certificates
    ... Can you verify that the issued certificates are for other DC machines in the ... domain will try to obtain the certificate. ... > I have installed an enterprise CA on my DC. ... I have about 5 certs. ...
    (microsoft.public.win2000.security)