Re: Certificate Renewal minimum requirements
From: MC (seaedsit_at_hotmail.com)
Date: Fri, 22 Oct 2004 14:37:18 +0200
David, thanks for that input.
Is the auto-enroll permission enough, or must the user be granted the
"enroll" permissions too ?
In the MS documents you can find statements, that when autoenroll
permissions are granted user always must have enroll permissions too.
The problem would be when enroll permissions are granted, users would be
able to enroll smart card user certificates by themselves. It only should be
possible to enroll smart card user certificates by a couple of admins who
own an enrollment agent certificate.
"David Cross [MS]" <email@example.com> wrote in message
> yes, they will still need autoenroll permission, I think we have an
> for usingf existing cert and auto-renewal in this paper:
> David B. Cross [MS]
> This posting is provided "AS IS" with no warranties, and confers no
> "MC" <firstname.lastname@example.org> wrote in message
> > Hi,
> > What are the minimum requirements to renew a smart card user certificate
> > stored on a smart card?
> > Is it necessary to give the user "enroll" permissions to renew an
> > certificate ?
> > I configured a copy of the smart card user template to allow renewal if
> > existing valid certificat exists.
> > Thanks
> > MC