Re: Why enterprise root CA automatically isue certificates.

From: Brian Komar (bkomar_at_komarconsulting.com.nospam)
Date: 01/20/04 

Date: Tue, 20 Jan 2004 11:08:49 -0600

In article <d51193cc.0401200841.7a1c35fe@posting.google.com>,
izael.ochoa@reforma.com says...
> Brian Komar <bkomar@komarconsulting.com.nospam> wrote in message news:<MPG.1a766a2a1acce81e9896ac@msnews.microsoft.com>...
> > In article <d51193cc.0401191208.9af83ba@posting.google.com>,
> > izael.ochoa@reforma.com says...
> > > Microsoft win2000 Enterprise Root CA NOT automatically issue
> > > certificates?
> > >
> > > I want that an Administrator authorize any certificate request before
> > > the certificate could be issued. I need to use an Enterprise root CA
> > > because EAP-TLS only work with Enterprise CAs. Is it possible?
> > >
> > > Thanks.
> > >
> > >
> > You can change the default properties of the CA.
> >
> > 1) Open the Certification Authority
> > 2) View the properties of the CA
> > 3) View hte Policy module
> > 4) Change the default Request Handling from using the ertificat etempalt
> > to set the certificate request status to pending.
> >
> > Brian
>
>
> Thaks Brian, but that procedure only works in a standalone CA. In an
> Enterprise CA the optios is disabled, is ther a way to enable it?
>
For an enterprise CA in Windows 2000, the default behavior is to base
the enrollment decision based on the DACL on the certificate template.
If you want to use pending of certificates, I recommend upgrading to the
win2k3 enterprise server running on enterprise edition.

Then, on a certificate template basis, you can choose to require CA
certificate manager approval for a specific certificate template.

With Windows 2000, the option is not available, as you have seen.

Brian

Relevant Pages

  • Re: Running in France
    ... >>> federation which requires one when you subscribe, so maybe any club ... >>> French federations). ... >>> on having a certificate, ... >>> I, the undersigned, Dr Proctor, certify that Mr Aleguzzler, Brian ...
    (uk.rec.running)
  • Re: Windows 2000 Certificate server---->2003
    ... Thanks Brian. ... securing and safeguarding Windows 98 and Windows NT computers available from ... Can only issue version 1 certificates using Automatic Certificate Request ...
    (microsoft.public.security)
  • Re: solaris 9 certification upgrade
    ... Brian Leung wrote: ... i want to upgarde to Solaris 9 certificate. ... I have always been leary of just upgrading. ... what did your first certificate bring you? ...
    (comp.unix.solaris)
  • Re: Are CSPs in a Certificate Template hard coded?
    ... Presumably you can actually enrol succesfully now as the correct CSP ... As Brian says, providing you are using the Certificate Templates MMC ...
    (microsoft.public.windows.server.security)
  • Re: Birth certificate update
    ... and it shows that it was picked up in NJ, so I guess it's up to Fedex now! ... Clay ... Thanks Brian, there is another thread here I started asking if anyone on this forum new someone in that office. ... Incidentally they are quoting now average 55 days for Certificate copies, ...
    (rec.travel.cruises)