Re: Machine Cert Question - Web Request Question
- From: "Brian Komar" <brian.komar@xxxxxxxxxxxxxxxxx>
- Date: Wed, 13 Feb 2008 17:07:48 -0600
Inline...
"JSC" <JSC@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:74B7FE85-37D9-49A5-9A21-E1018705D39A@xxxxxxxxxxxxxxxx
We are looking to deploy machine certs in our domain for 802.1x port based
authentication.
My question is what is the difference between the computer cert template and
the workstation cert template? Both say they can be used for
workstation/server authentication. Is the Computer cert a V1 cert and the
Workstation V2? Anybody have any experience setting this up in their
environment that will be willing to share information, I would appreciate it.
They are essentially the same. Both allow autoenrollment but through different mechanisms. Computer (a v1 cert) allows autoenrollment through ACRS. Workstation Authentication deploys through Autoenrollment Settings.
In testing I have both workstation and the computer cert template loaded on
my CA, but I cannot seem to get these certs to show up as available to
request through the certificate web pages. I will need to be able to do this
for machines that are not connected to the domain to get it through
autoenrollment and Apple OS X machines.
Neither is available through the Web pages because Web page requests are done in the security context of the user, and these certificates are requested through the machine's identity. You would have to create a custom certificate template (based on either workstation or computer) that allows the subject to be provided in the request.
.
- Prev by Date: Re: using web enrollment for servers etc.
- Next by Date: Auditing user OU Changes
- Previous by thread: Server 2008 Domains - Security issue
- Next by thread: Re: Machine Cert Question - Web Request Question
- Index(es):
Relevant Pages
|
Loading
