Re: Win2003 server: certificate templates
From: Laudon Williams [MSFT] (laudonw_at_online.microsoft.com)
Date: 10/22/03
- In reply to: laurent: "Re: Win2003 server: certificate templates"
Date: Wed, 22 Oct 2003 08:15:45 -0700
The best way will be to enroll from the web page. You should be able to do
this directly from the UNIX system. The problem is that you are trying to
request a machine certificate from a user account.
--
This posting is provided "AS IS" with no warranties, and confers no rights.

"laurent" <ripoll_laurent@yahoo.fr> wrote in message
news:OsLs4vKmDHA.2432@TK2MSFTNGP10.phx.gbl...
>
> The servers are running under UNIX, and I decided to request the
> certificates with the mmc tool on a Windows XP or 2000 computer (I
> already did some tests with the web enrollment).
> After obtaining the certificates I export them on the servers.
>
> I used the certificate user snap-in in the mmc panel to request a
> certificate.
> I created a "serverCert" template by modifying the "computer" template,
> but I cannot access "serverCert" through the mmc panel.
> I checked the rights on the certificate template and I have the right to
> enroll.
> To be able to request this new certificate template via mmc, are there
> any constraints? Do you have to duplicate specific templates, in order
> to access them?
>
> Thanks,
> laurent
>
>
> Laudon Williams [MSFT] wrote:
> > Laurent, machines can enroll under their own context. Given an Enterprise
> > CA, you can add the machine to the template and it can autoenroll for the
> > certificate. The user does not have to intervene. I obviously don't have the
> > full context here, but it seems easier that way.
> >
> > For your second question, 1.3.6.1.4.1.311.21.10 is application policies, a
> > Microsoft extension. It should be benign. You can make sure that there are
> > no application policies enabled in the template.
> >
> >
> > >Hi,
> > >Thanks for your help with my last questions about the certificate
> > >renewal for a standalone CA. I chose to reenroll them.
> > >I'm now doing some tests on a Windows Server 2003 enterprise CA and I
> > >have a few questions.
> > >I create some server certificates for machines that need to establish
> > >SSL connections.
> > >Here are some questions about certificate templates:
> > >I created a new certificate template "serverCert".
> > >
> > >1) I have a user toto who is identified on my domain, and who can use
> > >this certificate template. I succeeded in getting a certificate with
> > >this new template through the web enrollment page with this user but I
> > >cannot access "serverCert" through the mmc panel.
> > >The only templates I'm prompted with are EFS and USER.
> > >So is there a way to access this new certificate template via the mmc
> > >panel?
> > >
> > >2) As I received a new certificate with the Web enrollment page, I saw
> > >some unusual OIDs like this one:
> > >1.3.6.1.4.1.311.21.7 and this one 1.3.6.1.4.1.311.21.10.
> > >I did some research, and the first one seems to be the certificate
> > >template id, and I don't know the role of the second one.
> > >Are these OIDs necessary, if not is there a way to remove them?
> > >Indeed I'm not sure if it will work with the servers.
> > >
> > >Thanks,
> > >laurent
> --
> ---------------
> laurent Ripoll
> www.altasys.fr
> ---------------
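
Whether the two Microsoft OIDs discussed in this thread can trouble a non-Windows server depends on their critical flag: under RFC 5280 a verifier must reject a certificate that carries a critical extension it does not recognise, and may ignore a non-critical one. The following is an added example, not part of the original thread, that lists each extension's OID and critical flag from a DER-encoded Extensions SEQUENCE; the sample bytes are constructed, and the function names are illustrative.

```python
MS_OIDS = {  # names as given in the thread
    "1.3.6.1.4.1.311.21.7": "certificate template id",
    "1.3.6.1.4.1.311.21.10": "application policies",
}
# Constructed sample, not taken from a real certificate: keyUsage marked
# critical, then the two Microsoft extensions with no critical flag
# (DEFAULT FALSE). The Microsoft extension values are placeholders.
SAMPLE = bytes.fromhex(
    "3032"
    "300e0603551d0f0101ff0404030205a0"
    "300f06092b060104018237150704023000"
    "300f06092b060104018237150a04023000"
)

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    """Decode the content bytes of a DER OBJECT IDENTIFIER to dotted form."""
    subs, value = [], 0
    for b in body:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear ends one base-128 subidentifier
            subs.append(value)
            value = 0
    first = min(subs[0] // 40, 2)  # first two arcs share one subidentifier
    return ".".join(map(str, [first, subs[0] - 40 * first] + subs[1:]))

def list_extensions(der):
    """Return [(oid, critical)] for a DER Extensions SEQUENCE."""
    tag, seq, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    found, pos = [], 0
    while pos < len(seq):
        _, ext, pos = read_tlv(seq, pos)
        _, oid_body, nxt = read_tlv(ext, 0)
        tag, value, _ = read_tlv(ext, nxt)
        # A BOOLEAN (tag 0x01) here is the critical flag; absent means FALSE.
        found.append((decode_oid(oid_body), tag == 0x01 and value != b"\x00"))
    return found

def unknown_critical(exts, understood):
    """Critical OIDs outside the set the consuming server understands."""
    return [oid for oid, crit in exts if crit and oid not in understood]
```

An empty result from `unknown_critical` for the set of OIDs the UNIX server's TLS stack handles means the extra extensions can be ignored by it.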