Re: Assigning Certificates
From: krish shenoy[MS] (kshenoy_at_online.microsoft.com)
Date: 07/31/03
- Next message: Derek Cheng [MSFT]: "Re: assigning Privileges to a security group"
- Previous message: JasonW: "Re: Popup security window???"
- In reply to: Johnny: "Re: Assigning Certificates"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 31 Jul 2003 08:57:44 -0700
You can use the Win2k3 Certreq -new command to generate a request that takes
an inf file containing the request parameters. Set MachineKeySet=True and
Exportable=TRUE and specify Subject in the format required by IPSec
CN=machine name,DC= ..,DC=..,DC=..
Then submit the request using certreq -submit and accept it using
certreq -accept
You can then export the certificate to a file
Alternatively you can create a script that uses Xenroll to create the
request
[NewRequest]
Subject = "CN=..,OU=...,DC=..."
PrivateKeyArchive = TRUE
KeySpec = 1
KeyLength = 1024
RenewalCert = CertId
SMIME = TRUE
Exportable = TRUE
UserProtected = TRUE
KeyContainer = "..."
MachineKeySet = TRUE
Silent = TRUE
ProviderName = "Microsoft Enhanced Cryptographic Provider v1.0"
ProviderType = 1
UseExistingKeySet = TRUE
RequesterName = DOMAIN\User
RequestType = PKCS10 | PKCS10- | PKCS7 | CMC
KeyUsage = 0x80
EncipherOnly = TRUE
-- This posting is provided "AS IS" with no warranties and confers no rights. Use of any included samples is subject to the terms specified at http://www.microsoft.com/info/copyright.htm" "Johnny" <jkaftan@wts.com> wrote in message news:uYhp9MVVDHA.2268@TK2MSFTNGP11.phx.gbl... > My problem is not importing, it is having something to import. I want to > allow users to connect via VPN with Certificates to my network. I want to > be able to generate a certificate and hand it to them on a floppy. Then > they can take it home and install it on their computer and get into the > network. > > > "Miha Pihler" <miha.pihler@Atlantis-N0Spam.si> wrote in message > news:uV2mRAVVDHA.3924@tk2msftngp13.phx.gbl... > > It depends on CA policy used. What is the purpose of this certificate? > > > > In general you can use MMC with Certificate Snap-In to import certificate > > under Computer Account.... > > > > -- > > Mike > > MCSA 2K, MCSE 2K, MCT, ... > > > > "Johnny" <jkaftan@wts.com> wrote in message > > news:OjW4$JUVDHA.2004@TK2MSFTNGP10.phx.gbl... > > > Looking for a way to assign Computer Certificates to machines that are > > never > > > on the network. Is there a way for an administrator to create a > > certificate > > > that can be imported to a Machine's Certificate store. I could then > > create > > > a certificte, copy it to a floppy and send it home with the user. > > > > > > Thanks. > > > > > > > > > > > >
- Next message: Derek Cheng [MSFT]: "Re: assigning Privileges to a security group"
- Previous message: JasonW: "Re: Popup security window???"
- In reply to: Johnny: "Re: Assigning Certificates"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
