Re: Automatically Renewing User Certificates from Inhouse CA?
From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 03/25/05
Date: Thu, 24 Mar 2005 21:41:44 -0600
There is no way to automatically renew certificates in Windows 2000. You
will have to come up with a plan to have the users renew or obtain a new
certificate before their certificate expires. Windows 2003 Enterprise CA
when installed on Windows 2003 Enterprise Server allows the use of version 2
templates that can automatically enroll and renew user certificates. You can
use a Windows 2003 Enterprise CA in a Windows 2000 domain if you first
upgrade the forest schema. Only Windows XP Pro domain client computers can
use autoenrollment, however. I believe you can also modify the registry on a
Windows 2000 CA in order to extend the life of the user certificates out to
two years for those issued after the registry mod.

--- Steve

<mvanzwieten@gmail.com> wrote in message
news:1111587372.520638.141270@l41g2000cwc.googlegroups.com...
> Hi Everyone,
>
> I'm running a Win2k CA inhouse tied directly into Active Directory. In
> order to make use of EAP/TLS over VPN, I've logged onto local users'
> laptops, and downloaded user certificates for them from the CA webpage
> onto their laptops, and they use these certs when connecting through
> the VPN.
>
> The issue is this... The certificates are only good for 1 year. They
> do not renew themselves when they expire, and basically lock the person
> out from even using EAP/TLS over VPN after they expire.
>
> In order to get them working again, we have to manually browse over to
> the CA webpage, and download a new user cert all over again, deleting
> the old one that's still sitting there, expired.
>
> Is there any way to automatically make these user certs renew, or
> possibly force a renewal of that user cert on that machine?
>
> I would appreciate your advice! :)
>
> Thank you,
> Mike
>
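
Added example (not part of the original thread): where autoenrollment is not available, a renewal plan needs a way to see which user certificates are about to lapse before EAP/TLS starts failing. The sketch below assumes a client with PowerShell 3.0 or later; the function name, the 30-day window and the store path default are assumptions chosen for illustration.

```powershell
# Added example: report certificates in the user's personal store that can be
# used for client authentication (what EAP/TLS needs) and that are expired or
# will expire within a warning window.
# Get-ExpiringClientAuthCert and $WarnDays are hypothetical names.
function Get-ExpiringClientAuthCert {
    param(
        [int]$WarnDays = 30,
        [string]$StorePath = 'Cert:\CurrentUser\My'
    )
    $clientAuthOid = '1.3.6.1.5.5.7.3.2'   # id-kp-clientAuth
    $anyEkuOid     = '2.5.29.37.0'         # anyExtendedKeyUsage
    $now      = Get-Date
    $deadline = $now.AddDays($WarnDays)

    foreach ($cert in Get-ChildItem -Path $StorePath) {
        # A certificate without its private key cannot authenticate the user.
        if (-not $cert.HasPrivateKey) { continue }

        $eku = $cert.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
        }
        # No EKU extension means the certificate is not restricted by purpose,
        # so it is kept; otherwise it must list client authentication.
        if ($eku) {
            $oids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
            if (($oids -notcontains $clientAuthOid) -and
                ($oids -notcontains $anyEkuOid)) { continue }
        }

        if ($cert.NotAfter -le $deadline) {
            [pscustomobject]@{
                Subject    = $cert.Subject
                Issuer     = $cert.Issuer
                Thumbprint = $cert.Thumbprint
                NotAfter   = $cert.NotAfter
                DaysLeft   = [math]::Floor(($cert.NotAfter - $now).TotalDays)
                Expired    = ($cert.NotAfter -lt $now)
            }
        }
    }
}

# Oldest expiry first; already expired entries show a negative DaysLeft.
Get-ExpiringClientAuthCert -WarnDays 30 | Sort-Object NotAfter | Format-Table -AutoSize
```

Run in the user's own logon session (for example from a logon script), the output gives the help desk a list of who needs a new certificate and which expired ones are still sitting in the store.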