Re: client user certificates
- From: briandel@xxxxxxxxxxxxxxxxxxxx (Brian Delaney [MSFT])
- Date: Wed, 28 Mar 2007 02:45:11 GMT
Hi,
Please review my previous post on this thread. You can autoenroll a user
in certificates using Windows Server 2003 Enterprise Edition Enterprise CAs
and Windows XP / Vista clients. Autoenrollment of user certificates will
occur <= 1 minute after logon and can occur without any user intervention.
Hope this helps,
Brian Delaney
Microsoft Canada
--
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
From: <param@xxxxxxxxxxxxxxxx><uBfWRZcZHHA.1296@xxxxxxxxxxxxxxxxxxxx>
References: <#ne878bZHHA.2432@xxxxxxxxxxxxxxxxxxxx>
<ugSHvKqZHHA.1388@xxxxxxxxxxxxxxxxxxxx>
<eJAH3vqZHHA.3268@xxxxxxxxxxxxxxxxxxxx>
<Ojj0EgyZHHA.3612@xxxxxxxxxxxxxxxxxxxx>
<OkwYuiyZHHA.1580@xxxxxxxxxxxxxxxxxxxx>
Subject: Re: client user certificatesrequiring
Date: Wed, 21 Mar 2007 09:46:00 -0500
Yes, but it would be nice if there was a way to autoenroll the user. The
user has already been authenticated using domain credentials to get access
to his/her workstation. At that point, the seperate step of going to the
certsrv website to request one is a little redundant. Atleast in our
scenario it is since they go to the site, click on request cert, submit
request and immediately their cert is automatically approved.
"Herb Martin" <news@xxxxxxxxxxxxxx> wrote in message
news:OkwYuiyZHHA.1580@xxxxxxxxxxxxxxxxxxxxxxx
<param@xxxxxxxxxxxxxxxx> wrote in message
news:Ojj0EgyZHHA.3612@xxxxxxxxxxxxxxxxxxxxxxx
So would one of those certificates be the same certificate used in
Internet Explorer for authentication against a secured website
toclient certs?
No. But you could arrange those to be obtained by a user on
an internal webpage (http://server.domain.com/certserv
These can be set by policy to be auto-approved even in Win2000
(this is NOT the same as autoenrollment where the user machine
just requests it for the user without the user having to ask.)
"Herb Martin" <news@xxxxxxxxxxxxxx> wrote in message
news:eJAH3vqZHHA.3268@xxxxxxxxxxxxxxxxxxxxxxx
<param@xxxxxxxxxxxxxxxx> wrote in message
news:ugSHvKqZHHA.1388@xxxxxxxxxxxxxxxxxxxxxxx
What about User Certs?
EFS and S/MIME are certificates for users; they aren't general purpose
however.
1) EFS
2) Email (S/MIME)
3) IPSec (for computers)
"Herb Martin" <news@xxxxxxxxxxxxxx> wrote in message
news:uBfWRZcZHHA.1296@xxxxxxxxxxxxxxxxxxxxxxx
<param@xxxxxxxxxxxxxxxx> wrote in message
news:%23ne878bZHHA.2432@xxxxxxxxxxxxxxxxxxxxxxx
Hi all,
We have a Windows Server 2003 domain environment with a Enterprise
Root CA installed. Clients are Windows XP Pro. Some of our apps use
client certificates for user identification and today the users go
serverthe certificate enrollment website that is installed on the CA
loginto retrieve their client certs.
Is there a way via Group Policy or some other mechanism for the the
CA to automatically issue a domain user a client cert when they
kindsto their workstation for the first time? I guess, this would also
need to apply when certificates come up for renewal.
It would be awesome if this can be done.
(Enterprise) Win2003 Cert Services can automatically issue three
of Certs:
--
Herb Martin, MCSE, MVP
http://www.LearnQuick.Com
(phone on web site)
.
- Prev by Date: Re: Windows 2003 domain controller
- Next by Date: Re: Managing Nested Groups sending Email
- Previous by thread: Re: client user certificates
- Next by thread: Re: client user certificates
- Index(es):
Relevant Pages
|
