Re: Machine Cert Question - Web Request Question



I mean duplicating the Workstation Authentication certificate and changing the subject tab to state that the subject is provided in the request. You can then set permissions for a group that contains users who are local Administrators on the target boxes.
Brian

"JSC" <JSC@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:D7AC4FE8-2682-42EA-973E-37D3106EB8DA@xxxxxxxxxxxxxxxx
Brian, thanks, that helped a lot in explaining things.

Would you mind expanding on the last part about creating a custom certificate
template.

Would this be like creating a template with a combination of workstation and
user certificate? We are already using user certificates, would workstation
and user signature only work?

"Brian Komar" wrote:

Inline...
"JSC" <JSC@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:74B7FE85-37D9-49A5-9A21-E1018705D39A@xxxxxxxxxxxxxxxx
> We are looking to deploy machine certs in our domain for 802.1x port based
> authentication.
>
> My question is what is the difference between the computer cert template
> and the workstation cert template? Both say they can be used for
> workstation/server authentication. Is the Computer cert a V1 cert and the
> Workstation V2? Anybody have any experience setting this up in their
> environment that will be willing to share information, I would appreciate
> it.

They are essentially the same. Both allow autoenrollment but through
different mechanisms. Computer (a v1 cert) allows autoenrollment through
ACRS. Workstation Authentication deploys through Autoenrollment Settings.
>
> In testing I have both workstation and the computer cert template loaded on
> my CA, but I cannot seem to get these certs to show up as available to
> request through the certificate web pages. I will need to be able to do this
> for machines that are not connected to the domain to get it through
> autoenrollment and Apple OS X machines.

Neither is available through the Web pages because Web page requests are
done in the security context of the user, and these certificates are
requested through the machine's identity. You would have to create a custom
certificate template (based on either workstation or computer) that allows
the subject to be provided in the request.
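
Added example, not part of the original thread: a PowerShell check that lists every certificate template where the subject is supplied in the request and shows which principals hold the Enroll permission on it, so the restricted group described above can be confirmed. It assumes the RSAT ActiveDirectory module and read access to the Configuration partition; the output column names are this example's own.

```powershell
# Added example: audit templates that let the requester supply the subject.
Import-Module ActiveDirectory

$SuppliesSubject = 0x1     # CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT bit in msPKI-Certificate-Name-Flag
$ExtendedRight   = 0x100   # ActiveDirectoryRights.ExtendedRight (also set by GenericAll)
$EnrollRight     = [guid]'0e10c968-78fb-11d2-90d4-00c04f79dc55'   # Certificate-Enrollment extended right
$ClientAuthEku   = '1.3.6.1.5.5.7.3.2'                            # Client Authentication EKU

# Templates live in the Configuration naming context of the forest.
$configNC = (Get-ADRootDSE).configurationNamingContext
$base     = "CN=Certificate Templates,CN=Public Key Services,CN=Services,$configNC"

Get-ADObject -SearchBase $base -LDAPFilter '(objectClass=pKICertificateTemplate)' `
    -Properties displayName, 'msPKI-Certificate-Name-Flag', pKIExtendedKeyUsage, nTSecurityDescriptor |
  Where-Object { ($_.'msPKI-Certificate-Name-Flag' -band $SuppliesSubject) -ne 0 } |
  ForEach-Object {
    $template = $_

    # Allow ACEs that grant Enroll: either the specific extended right,
    # or all extended rights (empty ObjectType, as with Full Control).
    $enrollers = $template.nTSecurityDescriptor.Access |
      Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        (([int]$_.ActiveDirectoryRights -band $ExtendedRight) -ne 0) -and
        ($_.ObjectType -eq $EnrollRight -or $_.ObjectType -eq [guid]::Empty)
      } |
      ForEach-Object { $_.IdentityReference.Value } |
      Sort-Object -Unique

    [pscustomobject]@{
        Template   = $template.displayName
        ClientAuth = $template.pKIExtendedKeyUsage -contains $ClientAuthEku
        CanEnroll  = $enrollers -join '; '
    }
  } |
  Format-Table -AutoSize -Wrap
```

For the custom template, the CanEnroll column should show only the administrative principals and the group created for it; broad groups such as Authenticated Users or Domain Computers there mean anyone in them can request a certificate for a subject of their choosing.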