Digital Certificate Deployment



Victor Pereira
07-09-2005, 10:53 PM
Hi, there is any "easy way" to deploy digital certificates to ten thousands
of users ? Can I do it using Active Directory ? How can i generate digital
certificate to all domain users ?

Thanks in advance,

Victor

Massimiliano Luciani [MVP]
07-09-2005, 10:53 PM
Victor Pereira wrote:
> Hi, there is any "easy way" to deploy digital certificates to ten
> thousands of users ? Can I do it using Active Directory ? How can i
> generate digital certificate to all domain users ?
>
> Thanks in advance,
>
> Victor

Hi Victor,
Autoenrollment of user certs is available when you deploy EAP-TLS with the
user cert stored in the certificate store on the user's computer.
More information about Autoenrollment:
Step 1c: Installing User Certificates
http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/ed80211.mspx

Only Windows XP and Windows Server 2003 wireless clients support user
certificate autoenrollment !

Ciao!
--
Massimiliano Luciani

Victor Pereira
07-09-2005, 10:53 PM
Capiche ;-)
Thanks,

Victor
"Massimiliano Luciani [MVP]" <maxl-p@online.libero.it> wrote in message
news:%23qzeMcfZFHA.1368@tk2msftngp13.phx.gbl...
> Victor Pereira wrote:
>> Hi, there is any "easy way" to deploy digital certificates to ten
>> thousands of users ? Can I do it using Active Directory ? How can i
>> generate digital certificate to all domain users ?
>>
>> Thanks in advance,
>>
>> Victor
>
> Hi Victor,
> Autoenrollment of user certs is available when you deploy EAP-TLS with the
> user cert stored in the certificate store on the user's computer.
> More information about Autoenrollment:
> Step 1c: Installing User Certificates
> http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/ed80211.mspx
>
> Only Windows XP and Windows Server 2003 wireless clients support user
> certificate autoenrollment !
>
> Ciao!
> --
> Massimiliano Luciani
>
>

Steven L Umbach
07-09-2005, 10:53 PM
Good advice as long as the Certificate Authority is an enterprise CA
installed on Windows 2003 Server Enterprise Edition. Note that the clients
do not have to be wireless clients. A user on any Windows 2003 or Windows XP
Pro computer can use autoenrollment [when enabled in Group Policy and
user/group has read/enroll/autoenroll permissions to certificate template]
to obtain user certificates assuming that a Certificate Authority is an
enterprise CA installed on Windows 2003 Server Enterprise Edition. The link
below may help. --- Steve

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/autoenro.mspx


"Massimiliano Luciani [MVP]" <maxl-p@online.libero.it> wrote in message
news:%23qzeMcfZFHA.1368@tk2msftngp13.phx.gbl...
> Victor Pereira wrote:
>> Hi, there is any "easy way" to deploy digital certificates to ten
>> thousands of users ? Can I do it using Active Directory ? How can i
>> generate digital certificate to all domain users ?
>>
>> Thanks in advance,
>>
>> Victor
>
> Hi Victor,
> Autoenrollment of user certs is available when you deploy EAP-TLS with the
> user cert stored in the certificate store on the user's computer.
> More information about Autoenrollment:
> Step 1c: Installing User Certificates
> http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/ed80211.mspx
>
> Only Windows XP and Windows Server 2003 wireless clients support user
> certificate autoenrollment !
>
> Ciao!
> --
> Massimiliano Luciani
>
>


Digital Certificate Deployment