Click here to get back home

Multiple user certificate thumbprint
 HomeNewsGroups | Search | About
Login Password
Register Now!
 microsoft.public.windows.server.security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
Multiple user certificate thumbprint lbcben 04-19-2006
Posted by lbcben on April 19, 2006, 10:04 pm
Please log in for more thread options
 Hi all,

I just deployed an Enterprise CA, everything seems ok, except when I login
to m 1st PC, I got my cert. ( note down my serial number + thumbprint)

when I logon to another 2nd PC onwards, I got different thumbprint, for each
new machine I logged.

resulting in my CA console, when I search for my certificate, I have
multiple cert of my own.

What is happen?

Can someone advise.
Thanks

Posted by Paul Adare on April 20, 2006, 4:45 am
Please log in for more thread options
 microsoft.public.windows.server.security news group, =?Utf-8?B?bGJjYmVu?

> I just deployed an Enterprise CA, everything seems ok, except when I login
> to m 1st PC, I got my cert. ( note down my serial number + thumbprint)
>
> when I logon to another 2nd PC onwards, I got different thumbprint, for each
> new machine I logged.
>
> resulting in my CA console, when I search for my certificate, I have
> multiple cert of my own.
>
> What is happen?
>

What is the certificate used for? Does it really matter that you have
multiple certificates?

What you're seeing is by design. You've obviously got the certificate
template in question configured for autoenrollment and you're not using
roaming user profiles which means that you'll be issued a new
certificate on every machine you log on to. How else would you expect to
have access to the certificate at every machine you log on to?

If you give a little more information I can probably suggest some
solutions.

--
Paul Adare - MVP Virtual Machines
It all began with Adam. He was the first man to tell a joke--or a lie.
How lucky Adam was. He knew when he said a good thing, nobody had said
it before. Adam was not alone in the Garden of Eden, however, and does
not deserve all the credit; much is due to Eve, the first woman, and
Satan, the first consultant." - Mark Twain

Posted by lbcben on April 23, 2006, 11:22 pm
Please log in for more thread options

Hi Paul,

thanks for your reply, actually I just take over this CA as part of my work
scope.

therefore not so familiar in terms of certificate "distribution" in a same
domain.

1. Does it mean in my 1st post, my "problem/issue" are actually
normal?

2. Sorry, I didn't mentioned one thing: Currently, we are testing on EFS
recovery, I was told that 1 user should only have a certificate with its
unique thumbprint but not "Same Multiple user certificate, each with
different thumbprint in different workstation"

meaning if using EFS, user cert must be using same thumbprint not multiple
thumbrprint.

Please advise.
Thanks

Similar ThreadsPosted
Serial/Thumbprint of Certificate attached to CA? September 21, 2005, 6:04 pm
Adding multiple entries for the same user with xcacls... July 19, 2007, 2:21 pm
Folder Encryption Multiple User Access October 16, 2007, 10:35 am
Firewall setting for multiple FTP sites using multiple ports September 12, 2006, 12:35 pm
"No Certificate Templates Could Be Found" Error Message When User Requests Certificate from CA Web Enrollment Pages September 21, 2006, 1:31 pm
Restrict AD-User to one X509 Certificate per Certificate template? July 12, 2007, 12:18 pm
Multiple Password Policies? June 22, 2005, 12:15 pm
Can I have multiple password policies? March 19, 2007, 1:17 am
User notification before certificate expires May 30, 2006, 4:19 pm
Certificate recovery on user profile October 25, 2006, 9:34 am

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap