Using Subordinate CA's

Guest · Jan 28, 2005

At one of my locations I setup an Enterprise Root CA, then also at the same
location I set up a Enterprise Subordinate CA. When I request a new
certificate through the Snap-in, it request a certificate from my Root CA
instead of my subordinate CA. How can I force the computers to request from
the Subordinate CA?

Guest · Jan 28, 2005

Sorry this is a duplicate of the thread above.

Brian Komar · Jan 28, 2005

Sorry this is a duplicate of the thread above.

Do an advanced request. This allows you to choose which enterprise CA
for the request submission

Brian

Guest · Jan 28, 2005

Wow. That was easy. Can computers be set up to request a certificate
automatically? I read where the GPO can be set up to where the computer
request a certificate for the PC, but what about User Certificates?

Brian Komar · Jan 28, 2005

Wow. That was easy. Can computers be set up to request a certificate
automatically? I read where the GPO can be set up to where the computer
request a certificate for the PC, but what about User Certificates?

If you are using the Windows Server 2003 enterprise CAs, running on
Windows Server 2003, Enterprise Edition, you can enable autoenrollment
for user through a combination of Version 2 certificate templates and
Group Policy.

The client computers *must* be running Windows XP.

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/plan/auto
enro.asp

Alternatively, I have included a vbs script in my book that allows you
to perform scripted enrollment (automated enrollment) for user
certificates on Windows 2000 clients with CAPICOM loaded.

http://www.microsoft.com/MSPress/books/6745.asp

Brian
R

Guest · Jan 28, 2005

I am running Windows 2000 Server.

Brian Komar said:
If you are using the Windows Server 2003 enterprise CAs, running on
Windows Server 2003, Enterprise Edition, you can enable autoenrollment
for user through a combination of Version 2 certificate templates and
Group Policy.

The client computers *must* be running Windows XP.

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/plan/auto
enro.asp

Alternatively, I have included a vbs script in my book that allows you
to perform scripted enrollment (automated enrollment) for user
certificates on Windows 2000 clients with CAPICOM loaded.

http://www.microsoft.com/MSPress/books/6745.asp

Brian

R

Brian Komar · Jan 28, 2005

I am running Windows 2000 Server.

If you are running Windows 2000 CAs, you can still use my script to
request certificates for user certificates.

Brian

Shreeniwas Kelkar [MSFT] · Jan 31, 2005

You should set up only the Sub CA to issue the templates you want. You can
do this by adding/removing certificate templates from under the certificate
templates node in the MMC CA snapin.

Requesting Certificate from Subordinate CA	1	Dec 22, 2006
Offline Root CA - AutoEnrollment	4	Mar 4, 2006
Subordinate CA	3	Oct 15, 2004
EFS and Certificate Services	9	Aug 24, 2005
Certificates and templates	2	Oct 4, 2007
Using Subordinate CA	1	Jan 28, 2005
Access is denied 0x8007005 error when adding Certiciate Authority	1	Mar 20, 2004
Need Help with my PKI again	2	Jun 18, 2004

Using Subordinate CA's

Guest

Guest

Brian Komar

Guest

Brian Komar

Guest

Brian Komar

Shreeniwas Kelkar [MSFT]

Ask a Question

Similar Threads