Question regarding issuing certificates to users


M

madsudhindra

Hello,

I am in the process of setting up a Windows 2003 based CA setup for
my organization.

As part of the policy for issuing certificates, we want each enrolling
user to have only one certficate assigned to that user (the enrollment
of users will be done using the microsoft certificate services web
pages).

I would like to know as to how I can enforce such a policy. The
requirement is that if the user requests for an additional
certificate, the CA server should deny the request automatically. Is
there any way such a policy could be configured ?

Thanks for your help !!
 
Ad

Advertisements

B

Brian Komar \(MVP\)

I would look at credential roaming services as part of your solution.
It really depends on how you plan to deploy the certificates to answer your
question
Brian
 
M

madan.sudhindra

I would look at credential roaming services as part of your solution.
It really depends on how you plan to deploy the certificates to answer your
question









- Show quoted text -

Hi,

Could you please elaborate a little more on what you mean by "on how
you plan to deploy the certificates" ?

The setup is envisaged to be tied to our AD, and the AD going to be
our store for certificates.
 
Ad

Advertisements

B

Brian Komar \(MVP\)

How do you plan to issue the certificates to the users?
What you are telling me is how clients will find other users certificates
(say for encryption certs).
How are *you* going to get a certificate issued by *your* CA to a user on
your network.

- CertMgr
- Autoenrollment
- Web enrollment
- Face-to-Face meeting
- Use of a registration authority such as ILM
- Will the user have to undergo a vetting process to confirm their identity
- If they under go a vetting process, what forms of identification must be
shown
- Will the identification be recorded.
- Who will perform the validation of identity
- How often will they have to renew the certificate

It really is a simple question
Brian

<snip>
===================================

Hi,

Could you please elaborate a little more on what you mean by "on how
you plan to deploy the certificates" ?

The setup is envisaged to be tied to our AD, and the AD going to be
our store for certificates.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top