Requesting a certificate for another user

From: Sasa (anonymous_at_discussions.microsoft.com)
Date: 04/27/04

• Next message: Laura E. Hunter \(MVP\): "Re: Backing up encrypted files"
• Previous message: Guy: "Allowing access to a domain share when Domain Controller not running"
• In reply to: Franc v/d Westelaken: "Requesting a certificate for another user"
• Next in thread: Franc v/d Westelaken: "Re: Requesting a certificate for another user"
• Reply: Franc v/d Westelaken: "Re: Requesting a certificate for another user"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 27 Apr 2004 10:31:54 -0700

As for the possibility to request a certificate on behalf
of another user, there is a template called enrollment
agent, that should be configured for the purpose. This one
is ussualy used for smart card deployments, but is
intended for a signature purpose in general.

You could also check autoenrollment option in GPO user
settings. Thus you will take the burden of the
administrator as well.

All you need is to configure Certificate Templates .msc
for the certificates you want users to automatically
enroll for, and also, don't forget to configure your group
policy.

Regards,

S

>-----Original Message-----
>Hi,
>
>I've installed a Windows 2003 CA in Enterprise Mode. Is
it possible as
>an administrator to request a certificate on behalf of
another user ?
>I don't want to burden a user with certificate request. I
want to
>request a certificate for that user and distribute it.
>
>Is this possible ?
>
>Franc.
>.
>

• Next message: Laura E. Hunter \(MVP\): "Re: Backing up encrypted files"
• Previous message: Guy: "Allowing access to a domain share when Domain Controller not running"
• In reply to: Franc v/d Westelaken: "Requesting a certificate for another user"
• Next in thread: Franc v/d Westelaken: "Re: Requesting a certificate for another user"
• Reply: Franc v/d Westelaken: "Re: Requesting a certificate for another user"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Change process owner to submit certificate requests ... The signing certificate remains in the client's Key ... You can see an example of this code in the win2k web enrollment ... > Creating an Enrollment Agent Signed CMC Request ... > HCERTSTORE hCertStore = CertOpenStore( ... (microsoft.public.platformsdk.security) Re: Auto certificate and key generation to pfx ... but the classes merely use CryptoAPI for ... >Enrollment samples: ... >Troubleshooting Certificate Status and Revocation ... >> certificate request (I assume you can request a new ... (microsoft.public.platformsdk.security) Re: Computer and User Certificates Issues ... Enrollment of User Certificates using the custom v2 User Certificate Template ... I can NOT request the custom v2 Computer Cert nor the included v1 no ... Concerning permissions, these are the exact permissions I am using now: ... (microsoft.public.security) Re: Cannot request computer certificate. ... request a computer certificate for about 9 months. ... and verify that you can get a computer/server certificate from it. ... List of NetBt transports currently bound to the Redir ... DNS Host Name: srvr3.domain.com ... (microsoft.public.windows.server.security) Re: Change process owner to submit certificate requests ... in order to allow the requestor to be different than the certificate ... You can see an example of this code in the win2k web enrollment ... Creating an Enrollment Agent Signed CMC Request ... (microsoft.public.platformsdk.security)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint