Re: Automatically Renewing User Certificates from Inhouse CA?
From: Steven L Umbach (n9rou_at_n0-spam-for-me-comcast.net)
Date: 03/25/05
- Next message: Steven L Umbach: "Re: Automatically Renewing User Certificates from Inhouse CA?"
- Previous message: Roger Abell: "Re: dns best security practices"
- In reply to: mvanzwieten_at_gmail.com: "Re: Automatically Renewing User Certificates from Inhouse CA?"
- Next in thread: Steven L Umbach: "Re: Automatically Renewing User Certificates from Inhouse CA?"
- Reply: Steven L Umbach: "Re: Automatically Renewing User Certificates from Inhouse CA?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 25 Mar 2005 00:22:41 -0600
Well I think you could logon to a computer as that user, use Web Enrollment
to request the certificate, and then use mmc certificates snapin for user
certificates, go to the personal/certificates folder, and then export that
user's certificate and private to a password protected .pfx file. When you
do such be sure to select to export the certificate change and do not select
strong private key protection unless you need to enable it. If you can not
export the user's private key then you will have to make an advanced
request, select user certificate and then select make private key
exportable. Then you can send the certificate to a user and provide then
with the password for the .pfx file which you may not want to do over email
which usually is sent in clear text.
I have not tried this myself and you may want to try it where you enable the
Exchange user certificate template in the CA Management Console [policy
settings/new - certificate to issue]. Then use Web Enrollment for advanced
request, select Exchange user, and then you can enter a user's name being
sure to select that the private keys are exportable. Then go to your mmc
certificates snapin for user and find the certificate and export it and the
private key to a .pfx file. This may or may not work for your situation but
if it does it will make it easier for you to request certificates for users.
Be sure to test it out for a couple users before doing it for one hundred
and finding out it does not work for what you need. The link below is what
you requested in your other post. --- Steve
http://support.microsoft.com/default.aspx?scid=kb;en-us;254632
<mvanzwieten@gmail.com> wrote in message
news:1111727635.244788.150170@f14g2000cwb.googlegroups.com...
> Thank you very much Steve... I was wondering if you could answer this
> other question I had about certificates?
>
> Is there any way for me to request a user certificate on their behalf,
> and be able to physically send that certificate file to them via email?
> It seems to me like the only person that can physically handle this
> certificate would be the actual user themselves, needing to be logged
> in as this user in order to request and receive the certificate? You
> would think that as an admin, I could say "OK, let me select this
> user's certificate, and let me save it, so I can email it to them"...
> I'm not sure if this can be done, please let me know what you think?
>
> Thanks again,
> Mike
>
- Next message: Steven L Umbach: "Re: Automatically Renewing User Certificates from Inhouse CA?"
- Previous message: Roger Abell: "Re: dns best security practices"
- In reply to: mvanzwieten_at_gmail.com: "Re: Automatically Renewing User Certificates from Inhouse CA?"
- Next in thread: Steven L Umbach: "Re: Automatically Renewing User Certificates from Inhouse CA?"
- Reply: Steven L Umbach: "Re: Automatically Renewing User Certificates from Inhouse CA?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
