Re: Automatically Renewing User Certificates from Inhouse CA?

From: Steven L Umbach (n9rou_at_n0-spam-for-me-comcast.net)
Date: 03/25/05

    Date: Fri, 25 Mar 2005 00:29:35 -0600
    
    

    Yikes. I need to learn to spell better. "be sure to select to export the
    certificate change" should read "be sure to select to export the certificate
    chain". The reason is that the CA's certificate will also be exported with
    the .pfx file so that the computer that the .pfx file is imported into will
    then be able to trust your CA. --- Steve

    "Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in message
    news:dcqdnbVJ5rAAMN7fRVn-tw@comcast.com...
    > Well I think you could log on to a computer as that user, use Web
    > Enrollment to request the certificate, and then use mmc certificates
    > snapin for user certificates, go to the personal/certificates folder, and
    > then export that user's certificate and private key to a password protected
    > .pfx file. When you do such be sure to select to export the certificate
    > change and do not select strong private key protection unless you need to
    > enable it. If you can not export the user's private key then you will have
    > to make an advanced request, select user certificate and then select make
    > private key exportable. Then you can send the certificate to a user and
    > provide them with the password for the .pfx file which you may not want to
    > do over email which usually is sent in clear text.
    >
    > I have not tried this myself and you may want to try it where you enable
    > the Exchange user certificate template in the CA Management Console
    > [policy settings/new - certificate to issue]. Then use Web Enrollment for
    > advanced request, select Exchange user, and then you can enter a user's
    > name being sure to select that the private keys are exportable. Then go to
    > your mmc certificates snapin for user and find the certificate and export
    > it and the private key to a .pfx file. This may or may not work for your
    > situation but if it does it will make it easier for you to request
    > certificates for users. Be sure to test it out for a couple users before
    > doing it for one hundred and finding out it does not work for what you
    > need. The link below is what you requested in your other post. --- Steve
    >
    > http://support.microsoft.com/default.aspx?scid=kb;en-us;254632
    >
    >
    > <mvanzwieten@gmail.com> wrote in message
    > news:1111727635.244788.150170@f14g2000cwb.googlegroups.com...
    >> Thank you very much Steve... I was wondering if you could answer this
    >> other question I had about certificates?
    >>
    >> Is there any way for me to request a user certificate on their behalf,
    >> and be able to physically send that certificate file to them via email?
    >> It seems to me like the only person that can physically handle this
    >> certificate would be the actual user themselves, needing to be logged
    >> in as this user in order to request and receive the certificate? You
    >> would think that as an admin, I could say "OK, let me select this
    >> user's certificate, and let me save it, so I can email it to them"...
    >> I'm not sure if this can be done, please let me know what you think?
    >>
    >> Thanks again,
    >> Mike
    >>
    >
    >
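The export described in the thread, scripted with the PKI module cmdlets and followed by a check that the CA certificate really ended up in the .pfx. This is an added example, not part of the original posts; the subject filter and output path are placeholders, and it assumes a Windows version that ships `Export-PfxCertificate` and `Get-PfxData`, run while logged on as the user who holds the certificate.

```powershell
# Added example: placeholders below are not values from the thread.
$subjectFilter = '*CN=Example User*'                      # placeholder subject
$pfxPath       = Join-Path $env:TEMP 'example-user.pfx'   # placeholder path

# Personal store of the logged-on user (what the MMC snap-in shows
# under personal/certificates). Pick the newest match that has a key.
$cert = Get-ChildItem Cert:\CurrentUser\My |
    Where-Object { $_.HasPrivateKey -and $_.Subject -like $subjectFilter } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
if (-not $cert) {
    throw "No certificate with a private key matches $subjectFilter"
}

# Password protecting the .pfx; give it to the user by a different
# channel than the one that carries the file.
$password = Read-Host -AsSecureString -Prompt 'Password for the .pfx'

try {
    # BuildChain puts the issuing CA certificate(s) into the file too.
    Export-PfxCertificate -Cert $cert -FilePath $pfxPath `
        -Password $password -ChainOption BuildChain `
        -ErrorAction Stop | Out-Null
}
catch {
    # Usual cause: the certificate was requested without
    # "make private key exportable", so a new request is needed.
    throw "Export failed for $($cert.Thumbprint): $($_.Exception.Message)"
}

# Read the file back and confirm its contents before sending it.
$pfx    = Get-PfxData -FilePath $pfxPath -Password $password
$leaf   = $pfx.EndEntityCertificates | Select-Object -First 1
$issuer = @($pfx.OtherCertificates) |
    Where-Object { $_.Subject -eq $leaf.Issuer }

if ($issuer) {
    "OK: $pfxPath contains $($leaf.Subject) and its issuer $($issuer[0].Subject)"
}
else {
    Write-Warning "Issuer '$($leaf.Issuer)' is not in the .pfx; the importing computer will not learn to trust the CA from this file."
}
```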

