RE: Using Subordinate CA's

From: Brian Komar (bkomar_at_nospam.identit.ca)
Date: 01/28/05


Date: Fri, 28 Jan 2005 15:33:04 -0600

In article <553FD614-C1BD-49C1-9E33-CEEA04749308@microsoft.com>,
Scotty@discussions.microsoft.com says...
> Wow. That was easy. Can computers be set up to request a certificate
> automatically? I read where the GPO can be set up to where the computer
> requests a certificate for the PC, but what about User Certificates?

If you are using the Windows Server 2003 enterprise CAs, running on
Windows Server 2003, Enterprise Edition, you can enable autoenrollment
for users through a combination of Version 2 certificate templates and
Group Policy.

The client computers *must* be running Windows XP.

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/plan/autoenro.asp

Alternatively, I have included a vbs script in my book that allows you
to perform scripted enrollment (automated enrollment) for user
certificates on Windows 2000 clients with CAPICOM loaded.

http://www.microsoft.com/MSPress/books/6745.asp

Brian

>
> "Brian Komar" wrote:
>
> > In article <D9869C23-1A34-4C83-BE99-9EE4E35E3602@microsoft.com>,
> > Scotty@discussions.microsoft.com says...
> > > Sorry this is a duplicate of the thread above.
> > >
> > > "Scotty" wrote:
> > >
> > > > At one of my locations I set up an Enterprise Root CA, then also at the same
> > > > location I set up an Enterprise Subordinate CA. When I request a new
> > > > certificate through the Snap-in, it requests a certificate from my Root CA
> > > > instead of my subordinate CA. How can I force the computers to request from
> > > > the Subordinate CA?
> > >
> > Do an advanced request. This allows you to choose which enterprise CA
> > for the request submission.
> >
> > Brian
> >
>