PKI SC Logon with no UPN.

From: Lavie BB (LavieBB_at_discussions.microsoft.com)
Date: 05/22/05

  • Next message: Lavie BB: "Re: PKI SC Logon with no UPN." 
    Date: Sun, 22 May 2005 01:41:01 -0700

    Hey,

    I want to enable a Smart Card Logon using a Certificate issued by 3rd party.
    one way which is the easy way is to add that CA in to directory - but this
    option would require the certificate to contain a UPN.

    My Q is :
    how can i allow a logon based on 3rd Party Certificate of user
    authentication (probably Client Authentication), what does it require - if
    possiable ? and how can it be restricted.

    The Designed Enviorment is Win 2k3 Forest with Ent CA (Net 1), Users of Net1
    is required to log on into Net1 using existing 3rd Party issued Auth
    certificates.

                   Thanks,

                          Lavie.

  • Next message: Lavie BB: "Re: PKI SC Logon with no UPN."

    Relevant Pages

    • Re: Adding Certificates
      ... > A certificate is a third party confirmation of your NAME, ... Thus a server certificate (which is probably what the OP ... process issues with domain name infrastructure also ... ...
      (comp.security.firewalls)
    • Re: 3rd party cert vs self signed
      ... Another thing is, depending on the CA, you can request a NetBIOS name in your certificate. ... Also, if you have an internal CA, you should be able to request a PKI cert and use that for SMTP. ... All you need to do is disable the 3rd party certificate from doing SMTP. ... You can do "Enable-ExchangeCertificate -Thumbprint thumbprinthere ...
      (microsoft.public.exchange.setup)
    • outlook web access
      ... What version of Exchange. ... Is the certificate from within your domain or a 3rd party ... >System Administrator ...
      (microsoft.public.exchange.misc)
    • Re: 3rd party or SBS certificate
      ... Technically speaking whether you use the self-signed certificate or a 3rd party one is the same thing. ... The difference is that the certificate issued by your server, isn't considered "trusted" because basically nobody knows who you are. ... If you decide to use the SBS certificate your users will be seeing a warning when they try to access the RWW interface and as far as the mobile phones go, you'll have to follow some steps to install the certificate on them. ...
      (microsoft.public.windows.server.sbs)
    • Send Client Certificate
      ... We have obtained a client certificate from a 3rd party to install and use to ... set objXMLDocument = Server.CreateObject ...
      (microsoft.public.windows.server.security)