Re: standalone CA customized certificate

From: Brian Komar [MVP] <bkomar@xxxxxxxxxxxxxxxxx>
Date: Tue, 20 Mar 2007 07:46:21 -0400

Hi Sunil,

In article <D05B46FE-D697-4B0C-8904-
13BE2D025E0F@xxxxxxxxxxxxx>,
SunilVirmani@xxxxxxxxxxxxxxxxxxxxxxxxx says...

Hi Brain,

Does Request Editor is also included in msdn ? Is it possible to download it
from microsoft site ?

Not that I am aware of. I got permission to add it to
the book from MS internal.

Further Does EKU mean i need to provide new OID for my purpose?

You could, but only if you are writing your own app.
There is a default OID for client authentication.
- Client Authentication (1.3.6.1.5.5.7.3.2)

Further I want to add serial number and processor type of my terminal
machines in the certicate. Should i use SAN(subject alternative name) for
the same ?

Why do you want to add these? what purpose does it
server. You would have to define name forms if using a
SAN and provide ASN.1 information. It is possible, but I
am not sure if you want to go down that path. Each would
have to be provided manually, as this information is not
provided during an enrollment.

One more question is the certification services store information in the sql
server. Is there any interface to get the information from the certification
services database.

No, it is stored in its own JET database. iCertAdmin can
query the database.

Regards,
Sunil

"Brian Komar [MVP]" wrote:

In article <1174317577.823914.241020
@y66g2000hsf.googlegroups.com>, sunhcl@xxxxxxxxx says...

Basically i want to have some kind of machine certificate for thin
client.I want to authenticate thin terminals with that machine
certificate. Is there any standard certificate for machines.

<snip>
You would need to create a certificate with the Client
Authentication EKU. Now, you still need to determine if
your Citrix server or Terminal server can authenticate
using a machine certificate (I know that TS does not)...
It can use a user certificate (smart card), not a
machine cert.

Brian

Follow-Ups:
- Re: standalone CA customized certificate
  - From: Sunil Virmani

References:
- standalone CA customized certificate
  - From: sunil
- Re: standalone CA customized certificate
  - From: Brian Komar [MVP]
- Re: standalone CA customized certificate
  - From: sunil
- Re: standalone CA customized certificate
  - From: Brian Komar [MVP]

Prev by Date: Re: standalone CA customized certificate
Next by Date: Re: standalone CA customized certificate
Previous by thread: Re: standalone CA customized certificate
Next by thread: Re: standalone CA customized certificate
Index(es):
- Date
- Thread

Relevant Pages

Re: Need help configuring Wireless Connection profile
... "point" the info of the Radius authentication to your current Radius server. ... SMALL BUSINESS SERVER: ... STEP #1 Install Certificate Services ...
(microsoft.public.windowsxp.general)
Re: OWA 2003 w/ Smart Card Authentication.
... Exchange 2003 server via ActivSync. ... the IIS certificate. ... Whether or not authentication will succeed is completely dictated by ... Server's SSL certificate must be configured on root of v-server via ...
(microsoft.public.exchange.connectivity)
Need help configuring Wireless Connection profile
... I have an SBS 2003 server and a Server 2003 member server set up using RADIUS ... Windows authentication for all users,4129,LRG\ryanv,4149,Wireless WPA2 PEAP ... Certificate Services ...
(microsoft.public.windowsxp.general)
Re: Need help configuring Wireless Connection profile
... "point" the info of the Radius authentication to your current Radius server. ... SMALL BUSINESS SERVER: ... STEP #1 Install Certificate Services ...
(microsoft.public.windowsxp.general)
Re: Need help configuring Wireless Connection profile
... Windows authentication for all users,4129,LRG\ryanv,4149,Wireless ... Vaillancourt,4155,1,4154,Use Windows authentication for all ... SMALL BUSINESS SERVER: ... STEP #1 Install Certificate Services ...
(microsoft.public.windowsxp.general)