Question regarding issuing certificates to users

madsudhindra · Mar 14, 2008

Hello,

I am in the process of setting up a Windows 2003 based CA setup for
my organization.

As part of the policy for issuing certificates, we want each enrolling
user to have only one certficate assigned to that user (the enrollment
of users will be done using the microsoft certificate services web
pages).

I would like to know as to how I can enforce such a policy. The
requirement is that if the user requests for an additional
certificate, the CA server should deny the request automatically. Is
there any way such a policy could be configured ?

Thanks for your help !!

Brian Komar \(MVP\) · Mar 14, 2008

I would look at credential roaming services as part of your solution.
It really depends on how you plan to deploy the certificates to answer your
question
Brian

madan.sudhindra · Mar 15, 2008

I would look at credential roaming services as part of your solution.
It really depends on how you plan to deploy the certificates to answer your
question

- Show quoted text -

Hi,

Could you please elaborate a little more on what you mean by "on how
you plan to deploy the certificates" ?

The setup is envisaged to be tied to our AD, and the AD going to be
our store for certificates.

Brian Komar \(MVP\) · Mar 15, 2008

How do you plan to issue the certificates to the users?
What you are telling me is how clients will find other users certificates
(say for encryption certs).
How are *you* going to get a certificate issued by *your* CA to a user on
your network.

- CertMgr
- Autoenrollment
- Web enrollment
- Face-to-Face meeting
- Use of a registration authority such as ILM
- Will the user have to undergo a vetting process to confirm their identity
- If they under go a vetting process, what forms of identification must be
shown
- Will the identification be recorded.
- Who will perform the validation of identity
- How often will they have to renew the certificate

It really is a simple question
Brian

<snip>
===================================

Hi,

Could you please elaborate a little more on what you mean by "on how
you plan to deploy the certificates" ?

The setup is envisaged to be tied to our AD, and the AD going to be
our store for certificates.

VPN Logons - Certificates	1	Sep 13, 2006
Certificates and templates	2	Oct 4, 2007
EFS Auto enroll	0	Jun 29, 2007
Group Policy for Computer Certificates	1	Aug 5, 2004
CA Problems	6	Mar 10, 2006
Web Enrollment Certificate Request Denied	2	Jul 5, 2004
Certificate Request Denied over Web Enrollment	0	Jul 1, 2004
Changing the AIA and CDP for an Issuing CA	0	Jun 21, 2004

Question regarding issuing certificates to users

madsudhindra

Brian Komar \(MVP\)

madan.sudhindra

Brian Komar \(MVP\)

Ask a Question

Similar Threads