Re: do i need an Enterprise version to auto-enroll user certificate

From: "Ace Fekay [MVP]" <PleaseAskMe@xxxxxxxxxxxxxx>
Date: Wed, 26 Apr 2006 11:39:40 -0400

In news:untEVvTaGHA.3736@xxxxxxxxxxxxxxxxxxxx,
MLi <lige888@xxxxxxxxx> stated, which I commented on below:

I have root CA and sub CA. USers request certificate from sub CA.
My question is, to enable user certificate auto-enrollment, if my
Root CA is enterprise version,does the sub CA need to be an
enterprise version windows? another dumb question: What if Root CA is
std version but sub CA is enterprise version, will auto-enrollment
work?

The issuing CA needs to be Enterprise. If you have an offline root CA that
you use to issue a cert for the Enterprise Subordinate CA, which will be
your certificate issuing CA, then the Enterprise Sub CA must be Enterprise
and not the offline root.

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Having difficulty reading or finding responses to your post?
Instead of the website you're using, I suggest to use OEx (Outlook Express
or any other newsreader), and configure a news account, pointing to
news.microsoft.com. This is a direct link to the Microsoft Public
Newsgroups. It is FREE and requires NO ISP's Usenet account. OEx allows you
to easily find, track threads, cross-post, sort by date, poster's name,
watched threads or subject.

It's easy:
How to Configure OEx for Internet News
http://support.microsoft.com/?id=171164

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Directory Services
Microsoft Certified Trainer

Infinite Diversities in Infinite Combinations
Assimilation Imminent. Resistance is Futile
"Very funny Scotty. Now, beam down my clothes."

The only thing in life is change. Anything more is a blackhole consuming
unnecessary energy. - [Me]

.

References:
- do i need an Enterprise version to auto-enroll user certificate
  - From: MLi

Prev by Date: Re: domain admin group
Next by Date: Re: Location attribute in AD
Previous by thread: do i need an Enterprise version to auto-enroll user certificate
Next by thread: Re: Manage Workstation Rites
Index(es):
- Date
- Thread

Relevant Pages

Re: Certificate chain issue with Ent Sub Ca & stand alone Root CA
... certificate and I get a "Cannot verify certificate chain. ... revocation because the revocation server was offline. ... the root ca? ... Online>>> Online Enterprise Subordinate CA ...
(microsoft.public.windows.server.security)
Re: How to determine Role on a installed CA?
... If you do you can be 100% sure you have Enterprise ... To see if it is subordinate or root, check your CA certificate... ...
(microsoft.public.windows.server.networking)
Re: W2K3 3-tier CA Implementation
... No matter what environment you are in, install a standalone ROOT CA. ... based on the standalone subordinate CA. ... I agree with issuing CAs being enterprise CAs. ... You do not use a certificate tempalte for the ...
(microsoft.public.security)
Re: Need advice for CA Model
... The root CA must be trusted on all the clients that will enroll to the ... certificates, each certificate must correspond to a user in AD with a UPN ... The enterprise CA automatically creates ... The second CA was a standalone ...
(microsoft.public.win2000.security)
Re: W2K3 3-tier CA Implementation
... for a W2K3 Enterprise CA solution. ... How do you intend to change an online CA to an offline CA? ... *standalone* CAs for the root and policy tier. ... You do not use a certificate tempalte for the ...
(microsoft.public.security)