Posted by Brian Komar on May 14, 2007, 2:43 pm
On Mon, 14 May 2007 19:22:27 +0800, Jeanne wrote:
> Ah, thanks for the tips Brian. It's great for those in the domain.
>
> But I suspect the MMC approach won't be applicable for our few other
> machines that are non-domain joined. I'm currently trying to understand how
> to use certreq utility to make this work. Hmm..
>
> Cheers.
>
>> On Mon, 14 May 2007 14:43:25 +0800, Jeanne wrote:
>>
>>> Hi all,
>>> Just a quick question: Our Enterprise Root CA in our AD forest is running
>>> on a DC on a Win2003 Standard Edition box. I read that a standard edition
>>> W2k3 can only issue "Version 1" of security templates?
>>>
>>> Not sure if it's any issue but if we want to obtain Windows Computer
>>> Certificates for client/server authentication (OID: 1.3.6.1.5.5.7.3.1 and
>>> ....3.2) purposes from this CA, is it possible? The web interface of an
>>> Enterprise CA doesn't give us the option to pick a "computer" certificate
>>> template. Must we absolutely set up a Win2k3 Enterprise edition
>>> based CA for this?
>>>
>>> A little confused. Need some quick pointer/light...
>>>
>>> Many thanks all.
>>> Cheers.
>>
>> It can issue the Computer certificate template. You just need to use the
>> correct resources. Do not use the Web page, as the request is in the
>> security context of the user.
>> Instead, open a new MMC, add the Certificates console and focus on the
>> Local Machine (you must be a member of the local Administrators).
>>
>> You can then request the Computer certificate.
>> Brian
I would look at the Advanced Request whitepaper. It focuses on Domain
Controller certs, but can easily be extrapolated for computer certificates.
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/advcert.mspx
Brian
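
Added example, not part of the original posts: a request made in the machine context with certreq (the utility Jeanne mentions) rather than through the web page, written in PowerShell. The host name, CA config string, file paths and the template name `Machine` (the Computer template's internal name) are assumptions; whether the CA issues to the submitting account depends on the template's permissions, which the thread does not settle.

```powershell
# Added example: machine-context certificate request with certreq.
# Run from an elevated prompt (local Administrators), as Brian notes for the MMC route.
# Constructed values (assumptions): subject, CA config string, working folder.
$subject  = 'CN=server01.example.test'         # constructed host name
$caConfig = 'CAHOST.example.test\Example-CA'   # constructed "<CA host>\<CA name>"
$work     = Join-Path $env:TEMP 'machine-cert'
New-Item -ItemType Directory -Path $work -Force | Out-Null

# MachineKeySet = TRUE generates the private key in the local machine store,
# not in the profile of the user who runs the command.
# The two EKU OIDs are the server/client authentication OIDs from the question.
$inf = @"
[Version]
Signature = "`$Windows NT`$"

[NewRequest]
Subject = "$subject"
KeyLength = 2048
KeySpec = 1
KeyUsage = 0xA0
MachineKeySet = TRUE
Exportable = FALSE
RequestType = PKCS10
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12

[EnhancedKeyUsageExtension]
OID = 1.3.6.1.5.5.7.3.1
OID = 1.3.6.1.5.5.7.3.2
"@
Set-Content -Path "$work\request.inf" -Value $inf -Encoding ASCII

# 1. Build the PKCS #10 request; the key pair never leaves this machine.
certreq -new "$work\request.inf" "$work\request.req"
if ($LASTEXITCODE -ne 0) { throw 'certreq -new failed' }

# 2. Submit to the CA. The template name "Machine" is an assumption here.
certreq -submit -config $caConfig -attrib 'CertificateTemplate:Machine' `
    "$work\request.req" "$work\machine.cer"
if ($LASTEXITCODE -ne 0) { throw 'certreq -submit failed or request is pending' }

# 3. Bind the issued certificate to the private key created in step 1.
certreq -accept "$work\machine.cer"

# 4. List the Local Machine "My" store to confirm the certificate landed there.
certutil -store My
```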