Posted by S. Pidgorny on October 16, 2006, 6:14 am
I think you can. You can even enroll offline and bring the certificate
across in a PKCS #12 (.pfx) package. Important stuff: subject is the DC
FQDN, and the cert is to contain both server and client authentication
attributes.
--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-
> Hi,
> I am familiar with the procedure "Advanced Certificate Enrollment and
> Management" from
>
> http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/advcert.mspx?pf=true#E6
>
> my question is: I have an AD 2003 and no CA in my organization. The
> only available CA is some open source CA held at another organization.
>
> Is there a way to create a certificate and key pair at the other org.
> and install the cert and keys at my DC later?
>
> Thanks
> Gal Alton
>
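
Added example, not part of the original thread: a PowerShell check to run against the .pfx received from the external CA before importing it on the DC, covering the points the reply names (subject is the DC FQDN, both server and client authentication present) plus the presence of the private key. The function name, parameter names and the sample file and host names are hypothetical.

```powershell
# Added example: pre-import check of a PKCS #12 (.pfx) package for a domain controller.
# Test-DcCertificate and its parameters are hypothetical names, not a built-in cmdlet.
function Test-DcCertificate {
    param(
        [Parameter(Mandatory = $true)] [string]       $PfxPath,
        [Parameter(Mandatory = $true)] [securestring] $Password,
        [Parameter(Mandatory = $true)] [string]       $DcFqdn
    )
    $ns       = 'System.Security.Cryptography.X509Certificates'
    $fullPath = (Resolve-Path $PfxPath).ProviderPath
    $cert     = New-Object "$ns.X509Certificate2" -ArgumentList $fullPath, $Password

    # Subject common name must be the DC's fully qualified DNS name.
    $cn = $cert.GetNameInfo(
        [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)

    # Collect the OIDs listed in the Enhanced Key Usage extension, if there is one.
    $oids = @()
    $eku  = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    if ($eku) { $oids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) }

    $subjectOk = ($cn -eq $DcFqdn)                      # -eq is case-insensitive
    $serverOk  = ($oids -contains '1.3.6.1.5.5.7.3.1')  # Server Authentication
    $clientOk  = ($oids -contains '1.3.6.1.5.5.7.3.2')  # Client Authentication
    $now       = Get-Date
    $validNow  = ($now -ge $cert.NotBefore -and $now -le $cert.NotAfter)

    New-Object psobject -Property @{
        Subject         = $cert.Subject
        SubjectIsDcFqdn = $subjectOk
        HasPrivateKey   = $cert.HasPrivateKey   # the .pfx must carry the key pair
        ServerAuth      = $serverOk
        ClientAuth      = $clientOk
        ValidNow        = $validNow
        NotAfter        = $cert.NotAfter
        Ok              = ($subjectOk -and $cert.HasPrivateKey -and
                           $serverOk -and $clientOk -and $validNow)
    }
}

# Usage (constructed file and host names):
# $pw = Read-Host -AsSecureString 'PFX password'
# Test-DcCertificate -PfxPath .\dc01.pfx -Password $pw -DcFqdn 'dc01.example.test'
```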