Re: How to request a COMPUTER certificate using EAP-TLS and w2k3 IAS

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

---

• From: Peter Ullrich <unendlich@xxxxxx>
• Date: Wed, 17 Aug 2005 12:59:00 +0200

---

What do you mean with tweak the server's pages? I can optain the user cert via WEB but not the computer cert!?

Is a standalone CA able to issue Certs? I thought, only an enterprise CA would be able to do this if only one CA-tier is used.

thx

Peter

Thomas K wrote:

It is easy if your MS CA is running as standalone, not as enterprise CA.
As I understand, your MS CA is running as enterprise CA. You then need to tweak the server's pages (HTML/ASP).

Regards,

/Thomas

"Peter Ullrich" <unendlich@xxxxxx> wrote in message news:79669$43026004$506c39c9$30812@xxxxxxxxxxxxxxxxx

Hello!

System architecture: WinXP-Clients (WLAN), 3Com/Cisco AP, W2k3 Enterprise Server, Enterprise single tier CA running.

Is there a way to request a computer certificate for an WLAN-Client computer which is not part of the domain? Optaining an user certificate is no problem via web enrolment (servername/certsrv)without being part of the domain, but how to get the computer cert?

I also tried to open the certificate snap-in for remote computers and choose the WLAN-Client computer (which is registered in AD). But when i try to expand the tree I get the error message, that I dont have the permission to manage the certificate store for this remote computer (I was logged on as administrator)

So how can I get a COMPUTER cert without beiing part of the domain?

Would be nice, if anyone has suggestions or something like that :-)

greetings

Peter

.

---

• References:
  • How to request a COMPUTER certificate using EAP-TLS and w2k3 IAS
    • From: Peter Ullrich
  • Re: How to request a COMPUTER certificate using EAP-TLS and w2k3 IAS
    • From: Thomas K

• Prev by Date: Push static route with IAS and RRAS ?
• Next by Date: disable need for domain computer account for wireless access
• Previous by thread: Re: How to request a COMPUTER certificate using EAP-TLS and w2k3 IAS
• Next by thread: Push static route with IAS and RRAS ?
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: ADFS Token-signing Certs Not in Trusted Root Store ... This is good info, Joe. ... So now I know that the token-signing certificate is ... Get a signing cert from a CA ... case, you never have to worry about expiration or CRL checking, as your cert ... (microsoft.public.windows.server.active_directory) Re: Issues with SSL on Win CE 5.0 ... the HKCU certificate store. ... and tell the web server to use it. ... The old cert was in. ... (microsoft.public.windowsce.embedded) Re: Accessing certificate store from ASP.NET web project ... the cert must be in the local computer/personal) store - it will then open ... Have a look at the source code to open the right cert store... ... One of the locations requires a x509 certificate in order ... different user context than my vb.net web project. ... (microsoft.public.dotnet.security) Re: Activesync between Windows Mobile 5 and SBS2003 gives error ... If you don't find a cert here that matches the URL for OWA, you need to re-run the CEICW wizard on the SBS box and re-create the self signed cert. ... I exported the certificate straight from the server. ... Treo 700wx running Windows Mobile 5. ... (microsoft.public.windows.server.sbs) Re: Dummies Guide for RADIUS/Certs ... I have set up IAS. ... client computers impacts certificate enrollment. ... configure Group Policy for domain member wireless clients so ... Cert Templates that is now enrolled on the IAS server. ... (microsoft.public.internet.radius)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Internet  > microsoft.public.internet.radius  > 2005-08