Re: VPN Logons - Certificates

From: "Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Thu, 14 Sep 2006 13:30:19 -0500

Hi DJ.

You may also want to post in the Microsoft.public.security.crypto newsgroup
which is dedicated to such questions. Offhand I don't know the answer to
your question. The info at the link below may be helpful if you have not
seen it yet.

Steve

http://www.microsoft.com/technet/itsolutions/msit/security/smartcrd.mspx

"DJ" <none> wrote in message news:uViOcG41GHA.4972@xxxxxxxxxxxxxxxxxxxxxxx

Hello All:

Don't know where else to post this since there are no groups pertaining
specifically to Certificate Services. I am trying to configure an
enrollment station to issue certificates to VPN clients who will be using
smartcards. Here's what I've done and here is the problem:

Setup an Enterprise ROOT CA to issue the cert and will take offline.
Setup a subordinate CA and requested certificate from root and installed.
Installed the smartcard logon user template - made sure permissions are
set
Installed ceretificate in the Personal store of the account I will use
when issuing the Certs to VPN users.

Problem is, when I logon to the cert server http://localhost/certsrv and
select advanced and then request on behalf of another user, there is no
certificate to chose from in the Administrator Signing Certificate drop
down....no certificates are available.

Driving me nuts! Any help would be greatly appreciated.

DJ

References:
- VPN Logons - Certificates
  - From: DJ

Prev by Date: Re: Logging on to Domain with user account hide sharing & security tab
Next by Date: Re: Windows 2000 User/Group
Previous by thread: VPN Logons - Certificates
Next by thread: Re: Windows Server 2000 and Terminal Server security issue
Index(es):
- Date
- Thread

Relevant Pages

Re: ADFS Token-signing Certs Not in Trusted Root Store
... This is good info, Joe. ... So now I know that the token-signing certificate is ... Get a signing cert from a CA ... case, you never have to worry about expiration or CRL checking, as your cert ...
(microsoft.public.windows.server.active_directory)
Re: Issues with SSL on Win CE 5.0
... the HKCU certificate store. ... and tell the web server to use it. ... The old cert was in. ...
(microsoft.public.windowsce.embedded)
Re: Accessing certificate store from ASP.NET web project
... the cert must be in the local computer/personal) store - it will then open ... Have a look at the source code to open the right cert store... ... One of the locations requires a x509 certificate in order ... different user context than my vb.net web project. ...
(microsoft.public.dotnet.security)
Re: Web Certificate for IIS Server on SBS Domain
... Before your reply, I actually ran across rapidssl myself, and have ordered and installed the free 30-day certificate on my site. ... I explained what you'd told me about putting my existing configuration at risk by installing Cert Services, and he said he didn't know that. ... Again, if you're just needing a cert to install on your web server to provide SSL connectivity for remote users, go with an external third-party provider. ... When you add Certificate Services on an internal network, lots of internal communications will start using pieces provided by the Cert Server instead of the defaults from Server 2003, and when things blow up, they can blow up gloriously. ...
(microsoft.public.windows.server.sbs)
Re: Dummies Guide for RADIUS/Certs
... I have set up IAS. ... client computers impacts certificate enrollment. ... configure Group Policy for domain member wireless clients so ... Cert Templates that is now enrolled on the IAS server. ...
(microsoft.public.internet.radius)