Re: Why enterprise root CA automatically isue certificates.

From: izael (izael.ochoa_at_reforma.com)
Date: 01/21/04 

Date: 21 Jan 2004 09:52:00 -0800

Brian Komar <bkomar@komarconsulting.com.nospam> wrote in message news:<MPG.1a771c9b7bea02ea9896ad@msnews.microsoft.com>...
> In article <d51193cc.0401200841.7a1c35fe@posting.google.com>,
> izael.ochoa@reforma.com says...
> > Brian Komar <bkomar@komarconsulting.com.nospam> wrote in message news:<MPG.1a766a2a1acce81e9896ac@msnews.microsoft.com>...
> > > In article <d51193cc.0401191208.9af83ba@posting.google.com>,
> > > izael.ochoa@reforma.com says...
> > > > Microsoft win2000 Enterprise Root CA NOT automatically issue
> > > > certificates?
> > > >
> > > > I want that an Administrator authorize any certificate request before
> > > > the certificate could be issued. I need to use an Enterprise root CA
> > > > because EAP-TLS only work with Enterprise CAs. Is it possible?
> > > >
> > > > Thanks.
> > > >
> > > >
> > > You can change the default properties of the CA.
> > >
> > > 1) Open the Certification Authority
> > > 2) View the properties of the CA
> > > 3) View hte Policy module
> > > 4) Change the default Request Handling from using the ertificat etempalt
> > > to set the certificate request status to pending.
> > >
> > > Brian
> >
> >
> > Thaks Brian, but that procedure only works in a standalone CA. In an
> > Enterprise CA the optios is disabled, is ther a way to enable it?
> >
> For an enterprise CA in Windows 2000, the default behavior is to base
> the enrollment decision based on the DACL on the certificate template.
> If you want to use pending of certificates, I recommend upgrading to the
> win2k3 enterprise server running on enterprise edition.
>
> Then, on a certificate template basis, you can choose to require CA
> certificate manager approval for a specific certificate template.
>
> With Windows 2000, the option is not available, as you have seen.
>
> Brian

Thanks Brian!!!

Relevant Pages

  • Re: Delivering certificate not in the same domain name ?
    ... the existing Web Server certificate template and configured it so that the ... If you wish to support Subject Alternate Names under Windows 2003 ... If I am installing an enterprise Windows certificate authority, ...
    (microsoft.public.windows.server.security)
  • Re: DCOM error with NTBACKUP and Certificate Services
    ... >> Hi Brian ... > subordinate CAs, then you must only publish the Subordinate ... > Certification Authority certificate template at the online root CA. ...
    (microsoft.public.win2000.security)
  • Re: CA certificate template custom subject name format
    ... is it possible to use a different "subject name format" ... the options available on a V2 certificate template (Common name, ... Not through the standard certificate template interface. ... Brian ...
    (microsoft.public.windows.server.security)
  • Re: Problems with the newly arrived unicycle.
    ... Our small enterprise exists to serve our fellow unicyclists. ... Brian, if you ever have a problem with anything you've purchased from ...
    (rec.sport.unicycling)
  • Re: sorry about that my key board is acting up
    ... > Even if they could they wouldn't do so now, the shuttle program is ... > winding down and all remaining vehicles will be retired by 2010. ... I don't mean Enterprise, I mean 2010. ... Brian Gaff....Note, this account does not accept Bcc: ...
    (sci.space.shuttle)