C
cbochynek
Hi,
I try to set up an environment for distribution computer certificates with SCCM for WLAN WPA Enterprise.
My Active Directory Services , CA, and NDES are running on one machine, SCCM with the Certificate Registration Point on the other. (I know its not recommended to run CA and NDES on the same machine).
Deploying these settings and the certificate request works fine. The client gets a certificate, you can also find it in the Certfication Authority under Issued Certificates ....BUT the Requester Name ist the name of the Domainuser who requests, the Issued Common Name also. So I can't identify which PC requested the certificate.
When i request a certificate by hand (mmc on the client ) with the same template it shows exactly what i want to see. Requester Name is Domain\computername, Issued Commen Name is the FQDN.
I tried to change the Template to get what i want. If i change the Subject Name to "Supply in the request" it seams to work, but it tolds me that it's a big security risk. Is this the only possible way to get the informations I want in my certificate requests?
Integrated authentication (Windows Auth) is enabled on the IIS (How to identify the requester of a certificate in Standalone Issuing CA ?)
Maybe there is another solution.
Looking forward to your hints.
Continue reading...
I try to set up an environment for distribution computer certificates with SCCM for WLAN WPA Enterprise.
My Active Directory Services , CA, and NDES are running on one machine, SCCM with the Certificate Registration Point on the other. (I know its not recommended to run CA and NDES on the same machine).
Deploying these settings and the certificate request works fine. The client gets a certificate, you can also find it in the Certfication Authority under Issued Certificates ....BUT the Requester Name ist the name of the Domainuser who requests, the Issued Common Name also. So I can't identify which PC requested the certificate.
When i request a certificate by hand (mmc on the client ) with the same template it shows exactly what i want to see. Requester Name is Domain\computername, Issued Commen Name is the FQDN.
I tried to change the Template to get what i want. If i change the Subject Name to "Supply in the request" it seams to work, but it tolds me that it's a big security risk. Is this the only possible way to get the informations I want in my certificate requests?
Integrated authentication (Windows Auth) is enabled on the IIS (How to identify the requester of a certificate in Standalone Issuing CA ?)
Maybe there is another solution.
Looking forward to your hints.
Continue reading...