PKI User certificate auto-enrollment for XP clients not logging onto domain computer



Hello,

I am currently in the process of researching the features of user
certificate autoenrollment for a proof of concept using Outlook Web
Access to an Exchange 2007 environment.

I would like to implement a scenario where a user provisioned with an
Exchange email box and address would be able to automatically obtain a
user certificate from the CA by accessing a secure portal or OWA.

1. Given that autoenrollment works via winlogon or Group policy, the
user should be able to obtain the certificate since they are
authenticating to AD with their username/password (as the user is an AD
account object), correct?

2. Does autoenrollment only work when a user logs onto a VPN or a
computer that is physically on the domain of the issuing CA?

Any links to documentation outlining this feature of PKI would be much
appreciated.


Thank you,

Enrico
