Windows 2000 Certificate Services Management / auto renew


Guest

We have a Windows 2000 CA in place and we are piloting a smartcard authentication project now. All appears to work fine but no notice is given to the certificate holder before their cert expires. Is there a COM object that I can use to script a parse of the Issuing CA's edb file for certs that are about to expire? CAPICOM does not "see" smartcard certs except those on the local system when the smartcard is inserted. When I perform a search with the CAPICOM object for ACTIVE_DIRECTORY_USER_STORE it only returns the certs issued for encryption, signing, etc. but never returns an EKU of smartcard logon.
At the same time is there a method of auto-renewal of smartcard certs? This is a "show stopper" for our pilot. We have seen some features that may work in Windows 2003 Certificate Services but don't want to have to go to that extreme if not necessary. Any ideas are welcome.

Thanks
Fred Dun
University of Texas Health Science Center
 

Vishal Agarwal[MSFT]

You can use the ICertView COM interface to look into the CA's database and find the
certificates that are about to expire.

For User certificate Auto-renewal, you should use V2 templates and have
at least Windows XP as the client base.

Thanks,
Vishal [MSFT]

--
This posting is provided "AS IS" with no warranties, and confers no rights
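
One way to run the ICertView query suggested above, as an added example that is not part of the original thread or Microsoft's own code. It assumes PowerShell on a machine where the `CertificateAuthority.View` COM class is registered (the CA itself or a host with the Certificate Services admin components); the config string `CAHOST\Example Issuing CA` is a placeholder. It lists every issued certificate inside the window and does not filter by template or EKU.

```powershell
# Added example: list issued certificates that expire within the next N days,
# read from the CA database through the ICertView COM interface.
# 'CAHOST\Example Issuing CA' is a placeholder config string (host\CA name).
function Get-ExpiringCert {
    param(
        [string]$Config = 'CAHOST\Example Issuing CA',
        [int]$Days = 30
    )
    $CVRC_COLUMN_SCHEMA = 0          # GetColumnIndex: resolve name against the DB schema
    $CVR_SEEK_EQ = 0x1; $CVR_SEEK_LE = 0x4; $CVR_SEEK_GT = 0x10
    $CVR_SORT_NONE = 0
    $DB_DISP_ISSUED = 20             # Request.Disposition value for issued certificates

    $view = New-Object -ComObject CertificateAuthority.View
    $view.OpenConnection($Config)

    # Columns to return for each matching row.
    $wanted = 'Request.RequesterName', 'CommonName', 'SerialNumber', 'NotAfter'
    $view.SetResultColumnCount($wanted.Count)
    foreach ($name in $wanted) {
        $view.SetResultColumn($view.GetColumnIndex($CVRC_COLUMN_SCHEMA, $name))
    }

    # Restrictions are ANDed: issued, not yet expired, expiring within $Days.
    $now      = Get-Date
    $notAfter = $view.GetColumnIndex($CVRC_COLUMN_SCHEMA, 'NotAfter')
    $disp     = $view.GetColumnIndex($CVRC_COLUMN_SCHEMA, 'Request.Disposition')
    $view.SetRestriction($notAfter, $CVR_SEEK_GT, $CVR_SORT_NONE, $now)
    $view.SetRestriction($notAfter, $CVR_SEEK_LE, $CVR_SORT_NONE, $now.AddDays($Days))
    $view.SetRestriction($disp, $CVR_SEEK_EQ, $CVR_SORT_NONE, $DB_DISP_ISSUED)

    # Walk the row enumerator; Next() returns -1 when there are no more rows.
    $row = $view.OpenView()
    while ($row.Next() -ne -1) {
        $record = @{}
        $col = $row.EnumCertViewColumn()
        while ($col.Next() -ne -1) {
            $record[$col.GetName()] = $col.GetValue(1)
        }
        New-Object PSObject -Property $record   # one object per certificate
    }
}

# Usage (requires a reachable CA):
#   Get-ExpiringCert -Config 'CAHOST\Example Issuing CA' -Days 30 | Sort-Object NotAfter
```

The returned objects carry the requester name and expiry date, so the output can feed a notification mail to each certificate holder.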
