| Author | Messages | |
christine.allen
Posts:18
 | | 01/02/2009 1:32 PM |
| Hello,
Windows 2003 environment. Is there a way to approve SSL certs globally using Active Directory?
-Christine
Christine N. Allen Senior Systems Engineer SalemFive Bank 210 Essex Street Salem, MA 01970 (T) 978-720-5928 Christine.Allen@SalemFive.com
| | | |
| deji
Posts:257
 | | 01/02/2009 1:56 PM |
| google for "Certificate Autoenrollment in Windows Server 2003"
Sincerely,
www.akomolafe.name - we know IT
List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx
| | | |
| ZJORZ
Posts:276
 | | 01/02/2009 1:58 PM |
| Nope. AD does not provide a request and approval mechanism. However, ILM 2007 FP1 consists of the following components:
· Object Provisioning and Sync Service
· Password Sync between connected data sources
· Certificate and Smart Card Management
The third component (which is CLM - Certificate Lifecycle Manager) leverages, amongst others, AD and has features such as requests and approvals, auditing of actions, etc.
For more info see:
http://technet.microsoft.com/en-us/library/cc708653.aspx
http://windowsitpro.com/article/articleid/93140/introducing-microsoft-certificate-lifecycle-manager.html
http://msdn.microsoft.com/en-us/library/bb468065(VS.85).aspx
Met vriendelijke groeten / Kind regards,
Ing. Jorge de Almeida Pinto
Senior Technical Consultant
MVP Identity & Access - Directory Services
Oxford Computer Group Benelux
MVP Profile → https://mvp.support.microsoft.com/profile/jorge1
MVP Home Site → https://mvp.support.microsoft.com/
MVP Overview → https://mvp.support.microsoft.com/mvpexecsum
BLOG → http://blogs.dirteam.com/blogs/jorge/default.aspx
| | | |
| christine.allen
Posts:18
 | | 01/02/2009 2:02 PM |
| Did that. Just wanted to make sure I was remembering correctly. Thanks.
-Christine
| | | |
| ZJORZ
Posts:276
 | | 01/02/2009 2:45 PM |
| Forgot to mention (my mistake)
It is however possible to configure the CA to require approvals for certs that are requested. The approval must be done through the CA MMC. And that is basically all you can do with regards to approval.
CLM also provides workflow
Met vriendelijke groeten / Kind regards,
Ing. Jorge de Almeida Pinto
| | | |
| deji
Posts:257
 | | 01/02/2009 5:40 PM |
| I thought the OP wanted to configure the CA to auto-approve cert requests. In other words, autoenrollment. No?
| | | |
| ZJORZ
Posts:276
 | | 01/02/2009 5:44 PM |
| The OP is seeking approvals (that's what I understood)... You can configure the CA to hold back requests until a CA admin approves. But that's it! If you want more functionality such as workflows, mail notifications, etc., you need something like CLM.
Met vriendelijke groeten / Kind regards,
Ing. Jorge de Almeida Pinto
| | | |
| gabriel/tfi
Posts:376
 | | 01/03/2009 6:22 PM |
| Assuming you're talking about an Enterprise MS-PKI (AD integrated)
1) The autoapproval is a certificate template feature: Certificate Template Properties - Issuance Requirements Tab - Require the following for enrollment: - UNCHECK CA Certificate Manager Approval
2) The autoenrollment is set in the certificate template as well: Certificate Template Properties - Security Tab - Read & Enroll & Autoenroll permissions granted to the security group(s) of users/computers you want to issue certificates to. Also verify Autoenrollment GPO settings are enabled: User Configuration/Windows Settings/Security Settings/Public Key Policies/Autoenrollment Settings
http://technet.microsoft.com/en-us/library/cc787207.aspx
http://technet.microsoft.com/en-us/library/cc731522.aspx
Ciao Gabriele.
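A read-only way to check the two template settings described in the post above, as an added example that is not part of the original thread: it reads each template's `msPKI-Enrollment-Flag` and ACL from the Configuration partition through ADSI. It assumes a domain-joined host with read access to AD; the helper name `Get-Grantees` is made up for this example.

```powershell
# Added example (read-only): per certificate template, report whether CA
# certificate manager approval is required, whether autoenrollment is
# permitted, and who holds the Enroll / Autoenroll permissions.
# Assumption: run on a domain-joined host by an account that can read the
# Configuration partition. Nothing is modified.

# msPKI-Enrollment-Flag bits
$PEND_ALL_REQUESTS = 0x2    # set when "CA certificate manager approval" is checked
$AUTO_ENROLLMENT   = 0x20   # set when the template permits autoenrollment

# Extended-right GUIDs behind the Enroll / Autoenroll permissions on the Security tab
$ENROLL     = [Guid]'0e10c968-78fb-11d2-90d4-00c04f79dc55'
$AUTOENROLL = [Guid]'a05b8cc2-17bc-4802-a710-e7c15ab866a2'
$EXTENDED   = [int][System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight

function Get-Grantees($rules, [Guid]$right) {
    # Principals holding an Allow ACE for this extended right. An ACE with an
    # empty ObjectType (for example Full Control) covers every extended right.
    $names = @()
    foreach ($r in $rules) {
        if ($r.AccessControlType -ne 'Allow') { continue }
        if (-not ([int]$r.ActiveDirectoryRights -band $EXTENDED)) { continue }
        if ($r.ObjectType -ne $right -and $r.ObjectType -ne [Guid]::Empty) { continue }
        try   { $names += $r.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $names += $r.IdentityReference.Value }   # unresolved SID: show it raw
    }
    ($names | Sort-Object -Unique) -join '; '
}

$configNC  = [string]([ADSI]'LDAP://RootDSE').configurationNamingContext
$container = [ADSI]"LDAP://CN=Certificate Templates,CN=Public Key Services,CN=Services,$configNC"
$searcher  = New-Object System.DirectoryServices.DirectorySearcher($container)
$searcher.Filter   = '(objectClass=pKICertificateTemplate)'
$searcher.PageSize = 500

$results = $searcher.FindAll()
$report = foreach ($hit in $results) {
    $entry = $hit.GetDirectoryEntry()
    $rules = $entry.psbase.ObjectSecurity.GetAccessRules(
                 $true, $true, [System.Security.Principal.SecurityIdentifier])

    # Result property names are lower-case; the attribute may be unset on a template.
    $flagValues = $hit.Properties['mspki-enrollment-flag']
    if ($flagValues.Count -gt 0) {
        $flag     = [int]$flagValues[0]
        $approval = [bool]($flag -band $PEND_ALL_REQUESTS)
        $autoFlag = [bool]($flag -band $AUTO_ENROLLMENT)
    } else {
        $approval = 'n/a'
        $autoFlag = 'n/a'
    }

    New-Object PSObject -Property @{
        Template        = [string]$hit.Properties['cn'][0]
        ManagerApproval = $approval
        AutoenrollFlag  = $autoFlag
        Enroll          = Get-Grantees $rules $ENROLL
        Autoenroll      = Get-Grantees $rules $AUTOENROLL
    }
}
$results.Dispose()

$report | Sort-Object Template |
    Select-Object Template, ManagerApproval, AutoenrollFlag, Enroll, Autoenroll |
    Format-Table -AutoSize -Wrap
```

A template that shows ManagerApproval as False and lists a broad group under Enroll or Autoenroll issues certificates with no review step, so confirm that is intended for each such template.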