2003 Enterprise Certificate Authority
  • 2003 Enterprise Certificate Authority

    I am trying to set up an online subordinate Enterprise Certificate Authority using Windows 2003. I want to know if it is possible to use the web interface to make a request for a certificate without authenticating to the domain. I read this article and it sounds like it is not possible.


    Important


    An enterprise certification authority (CA) requires that the certificate requester be authenticated by the page so that it can determine the correct information to put in the certificate. If you don't have authentication set for the Web pages in an enterprise CA, then the pages will fail to generate a certificate or, if a certificate is generated, it will be useless. For this reason, integrated Windows authentication is set by default on enterprise CAs. This procedure is provided so that you can confirm the default setting or fix an erroneous change to the IIS Directory Security settings for an enterprise certification authority.


    So anyone requesting a cert has to have an account on the domain?

  • #2
    Re: 2003 Enterprise Certificate Authority

    If you're talking about online as in "for the internet", then no that is not what Enterprise CA is designed for. You'd want a standalone CA to serve those that are not within your organization.

    If you don't have to produce many certificates, you can broker the certificate requests yourself if the application that is requesting the certificate will export that certificate request by using a base-64-encoded CMC or PKCS #10 file.
    VCDX3 #34, VCDX4, VCDX5, VCAP4-DCA #14, VCAP4-DCD #35, VCAP5-DCD, VCPx4, vEXPERTx4, MCSEx3, MCSAx2, MCP, CCAx2, A+
    boche.net - VMware Virtualization Evangelist
    My advice has no warranties. Follow at your own risk.
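
As an added example (not part of the original post), the brokering step described in #2 could look like this at a command prompt on a domain-joined machine, using the `certutil` and `certreq` tools that ship with Windows Server 2003. The file names, the CA config string and the choice of the WebServer template are assumptions; the broker's own domain account is the one that authenticates to the CA and needs Enroll permission on the template.

```bat
@echo off
rem Added example: broker an externally generated PKCS #10 request to an enterprise CA.
rem Every value below is a placeholder (assumption), not taken from the thread.
set REQ=external-request.req
set CERT=external-issued.cer
set CA=CAHOST.example.local\Example Issuing CA
set TEMPLATE=WebServer

rem 1. Review the request before submitting it. The subject, key length and
rem    requested extensions come from the outside party, so check them by eye.
certutil -dump "%REQ%"
if errorlevel 1 (echo Request file could not be parsed & exit /b 1)

rem 2. Stop here until a person has confirmed the dumped contents.
pause

rem 3. Submit under the broker's domain credentials. The template must take
rem    the subject from the request, since the requester has no AD account.
certreq -submit -config "%CA%" -attrib "CertificateTemplate:%TEMPLATE%" "%REQ%" "%CERT%"
if errorlevel 1 (echo No certificate returned, check the CA for a pending or denied request & exit /b 1)

rem    If the CA holds the request as pending, fetch it after approval with:
rem    certreq -retrieve -config "%CA%" REQUEST_ID "%CERT%"

rem 4. Confirm what was actually issued before handing it back.
certutil -dump "%CERT%"
```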



    • #3
      Re: 2003 Enterprise Certificate Authority

      Originally posted by jasonboche
      If you're talking about online as in "for the internet", then no that is not what Enterprise CA is designed for. You'd want a standalone CA to serve those that are not within your organization.

      If you don't have to produce many certificates, you can broker the certificate requests yourself if the application that is requesting the certificate will export that certificate request by using a base-64-encoded CMC or PKCS #10 file.
      "Online" as in I have an offline root CA stored away and this one is on the network. And it has to be an Enterprise CA because I need to use the certificate templates. So am I correct with my first post? The user requesting the cert has to authenticate to AD?



      • #4
        Re: 2003 Enterprise Certificate Authority

        From my studies:
        "Because the clients of an enterprise CA must have access to Active Directory to receive certificates, enterprise CAs are not suitable for issuing certificates to clients outside the enterprise."
        That doesn't answer your question directly but I think it gets the point across.



        • #5
          Re: 2003 Enterprise Certificate Authority

          Thanks for your help
