Re: Automatic publishing of certificates in AD?

From: Fredrik Larsson (fredrik_at_comex.se)
Date: 05/05/03 

Date: Mon, 5 May 2003 10:39:51 +0200

What I want is for the Enterprise CA to publish the user certificates not
only for EFS to AD.
Possible case: A company uses Outlook on clients but not Exchange server and
wants to use smartcard based certificates for both user authentication and
SMIME (internally). The easyiest soulution for distributing the
certificates(recipients) would be to have the CA publish each users cert to
AD.

/Fredrik

"David Cross [MS]" <dcross@online.microsoft.com> skrev i meddelandet
news:uDyWZvcEDHA.3288@TK2MSFTNGP11.phx.gbl...
> An enterprise CA will automatically publish encryption certs to the Active
> Directory for windows 2000. IN Windows Server 2003, this can be set on a
> per template basis.
>
>
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechn
ol/windowsserver2003/deploy/confeat/WS03CrTm.asp
>
> Can you be more specific on your failure that you are seeing?
>
> --
>
>
> David B. Cross [MS]
>
> --
> This posting is provided "AS IS" with no warranties, and confers no
rights.
>
> http://support.microsoft.com
>
> "Fredrik Larsson" <fredrik@comex.se> wrote in message
> news:%237xtxKLEDHA.1888@TK2MSFTNGP12.phx.gbl...
> > Has anyone been successful in getting this working?
> > According to the help in win2k server itīs sufficent that the option
Allow
> > certificates to be published in AD checked in the settings for the Exit
> > module.
> >
> > On technet it states that the certificate request have to contain the
path
> > where the certificate should be published.
> > If you have to send the path with the request, then you would somehow
have
> > to change the certificate templates, right?
> >
> > /Fredrik
> >
> >
>
>

Relevant Pages

  • Re: 2003/R2 certificate server questions
    ... running OPenSSL to service requests from Linux/samba ... certificates, but I also want to be able to issue random certificates ... Make sure you are running on Enterprise Edition, ... Automatic certs, Key archival and recovery, customizable ...
    (microsoft.public.windows.server.security)
  • Re: Enterprise Subordinate CA signed by third party Commercial CA like Verisign/Thawte/etc
    ... we will need to have trust ... As far as standard versus enterprise, ... If the root CA is compromised your whole PKI ... > your certificates then it would make sense to use your own CA. ...
    (microsoft.public.windows.server.security)
  • Re: client user certificates
    ... in certificates using Windows Server 2003 Enterprise Edition Enterprise CAs ... but it would be nice if there was a way to autoenroll the user. ... We have a Windows Server 2003 domain environment with a Enterprise ...
    (microsoft.public.windows.server.active_directory)
  • RE: CA Client Certificates only expire in one years time
    ... If this was installed as an Enterprise CA this is normal. ... which in v1 templates cannot be modified. ... "For certificates that are issued by Enterprise CAs, the validity period is ...
    (microsoft.public.windows.server.general)
  • EFS certificate renewal
    ... We use EFS in our organization and have a Windows 2003 Enterprise CA ... If the computer is not connected when the renewal period is first ... If the first renewal request is not successful because the Enterprise CA ... certificates, ...
    (microsoft.public.windows.server.security)