Re: Computer Certificates

From: Brian Komar (bkomar_at_nospam.identit.ca)
Date: 01/29/05


Date: Sat, 29 Jan 2005 15:36:55 -0600

In article <#TydSVkBFHA.1084@tk2msftngp13.phx.gbl>, mike@twofatfrogs.com
says...
> Hey all,
> I have a SBS server, but I think this question is more geared for just
> Server 2003. I have a laptop that is part of my work network and that's a
> SBS2K3 domain. It has a computer certificate installed. At home, I'm running
> SBS2K3 also...but I don't want the laptop to be part of the domain. I DO
> want a computer certificate on the laptop when I bring it home though for
> 802.11x authentication for my wireless setup.
> The problem I have is that although it has a certificate for the work
> domain, when I take it home and try to bring up
> http://sbserver.mydomain.local/certsrv and attempt to order another computer
> certificate, the option is not there for computer, just user and some other
> things I don't need.
> So the question is, how do I request a computer certificate on a
> computer that is not part of the domain? Thanks for your help in advance!
>
> Michael
>
>
>
You have two options:

1) Use the Router (offline request) certificate template. You can only
request certificates that allow you to manually provide the subject of
the certificate in the request, since your computer is not part of the
domain. Normally, I would recommend creating a version 2 certificate
template to meet your specs, but you are using SBS, and the CA for SBS
is equivalent to Windows 2k3, Standard Edition (cannot issue
certificates based on version 2 certificate templates).

2) Abandon the use of computer certificates and use a user certificate
to authenticate to the wireless network. You are not running logon
scripts or having GPO applied at home, so this works fine. The
credentials in the user certificate (or better yet, Authenticated
Session), will become available once you are logged into your laptop (as
part of your user profile).

Either method will work for you.
HTH,
Brian
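
Option 1 from the reply above, as an added example that is not part of the original post: building an offline PKCS#10 request on the non-domain laptop with certreq, then installing and checking the issued certificate. The subject name and file names are constructed placeholders, and OfflineRouter is the internal name of the Router (Offline request) template.

```powershell
# Added example; run in an elevated prompt on the non-domain laptop.
# Constructed values: the host name and the file names are placeholders.
$cn = 'laptop01.home.example'

# MachineKeySet = TRUE puts the key pair in the computer store so it is usable
# before any user logs on; Exportable = FALSE keeps the private key on this machine.
$inf = @"
[Version]
Signature = "`$Windows NT`$"

[NewRequest]
Subject = "CN=$cn"
KeyLength = 2048
KeySpec = 1
MachineKeySet = TRUE
Exportable = FALSE
RequestType = PKCS10
"@
Set-Content -Path .\laptop.inf -Value $inf -Encoding ASCII

# 1. Generate the key pair and the PKCS#10 request file.
certreq -new .\laptop.inf .\laptop.req

# 2. Dump the request. The subject is supplied by the requester, not read from
#    the directory, so whoever approves it on the CA should check it here.
certutil -dump .\laptop.req

# 3. Submit laptop.req to the CA against the Router (Offline request) template
#    (OfflineRouter), for example by pasting it into the CA's advanced request
#    page or handing the file to the CA administrator. Save the result as laptop.cer.

# 4. Bind the issued certificate to the private key created in step 1.
certreq -accept .\laptop.cer

# 5. Verify: the certificate is in the computer store, has its private key, and
#    lists Client Authentication, which 802.1X EAP-TLS requires of a client cert.
Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "*$cn*" } |
    Select-Object Subject, NotAfter, HasPrivateKey,
        @{ Name = 'EKU'; Expression = { $_.EnhancedKeyUsageList.FriendlyName -join ', ' } }
```

The laptop also has to trust the home CA's root certificate, or it will not be able to validate the authentication server's certificate.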


