A question about Auto-Enrolment

Can someone please help me with the following question, thanks

I was reading the following article

https://technet.microsoft.com/en-us/library/cc778245(v=ws.10).aspx

At first glance it seemed to contradict itself (I think I know the answer but want to check, hence my post).

The article says

  • On the Issuance Requirements tab of the selected certificate template, selecting This number of authorized signatures and making the value greater than 1 disables subject autoenrollment based on this template.
  • On the Issuance Requirements tab of the selected certificate template, selecting This number of authorized signatures and setting the value to 1 requires the requester to sign the request with a private key from a valid certificate in their certificate store. This certificate must contain the application and issuance policies that are specified in the Application policy and Issuance policies lists on the same tab. If an appropriate certificate exists in the requester's certificate store, autoenrollment signs the request with this certificate's private key and obtains and installs the requested certificate automatically.

So when it comes to the number of authorised signatures, the first bullet point states this disables auto-enrolment, but the second bullet point says it obtains and installs the requested certificate automatically.

What I believe it is saying is: if you have a code signing certificate with the appropriate Application Policies (EKU) and Issuance Policies in this code signing cert (e.g. to match the requirements of the template), then as long as this code signing cert is in your X509 store on your PC, you can auto-enrol, and if it is not, you have to get someone who has this code signing cert to sign your CSR.

Is that basically correct?

If so, what X509 store should this code signing cert be in: LocalMachine\Personal, CurrentUser\Personal or other?

Thanks All

Ernie


September 14th, 2015 2:12am

On Mon, 14 Sep 2015 06:08:58 +0000, BrantEH wrote:

Is that basically correct?

No. You need to go back and reread the article. There is no contradiction
between the two statements. It is actually very simple:

1. Requiring 0 or 1 signing certificate means autoenrollment is possible.
2. Requiring 2 or more signing certificates means autoenrollment is not
possible.

Also, there is no requirement to use a code signing certificate for

September 14th, 2015 3:39am
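As an added example (not part of the original thread or the TechNet article), the following PowerShell script applies the rule stated in the reply to every certificate template in the forest: it reads "This number of authorized signatures" from each template, reports 0 or 1 as auto-enrollable and 2 or more as not, and, for templates that need exactly one signature, looks in a certificate store for a certificate with a private key whose EKUs and issuance policies cover what the template demands. It assumes the ActiveDirectory module is installed, that the caller can read the Configuration partition, and that the signing certificate is in Cert:\CurrentUser\My (the `-StorePath` parameter is there so LocalMachine\My can be tried instead). The attribute names come from the pKICertificateTemplate schema; the OID regex is a simplification that works on both the plain OID-list encoding and the backtick-delimited V3 encoding. It does not check the Autoenroll ACE on the template, which is also required in practice.

```powershell
# Added example (not from the original thread): classify certificate templates by whether
# autoenrollment is possible under the rule in the reply (0 or 1 required signatures
# = possible, 2 or more = not possible) and, for templates needing exactly one signature,
# check a certificate store for a certificate that could sign the request.
# Assumptions: ActiveDirectory module present, read access to the Configuration partition,
# signing certificate in Cert:\CurrentUser\My unless -StorePath says otherwise.
# Attribute names are from the pKICertificateTemplate schema (MS-CRTD):
#   msPKI-RA-Signature            - "This number of authorized signatures"
#   msPKI-RA-Application-Policies - application policies (EKUs) required of the signing cert
#   msPKI-RA-Policies             - issuance policies required of the signing cert
#   msPKI-Enrollment-Flag         - bit 0x20 (CT_FLAG_AUTO_ENROLLMENT) must also be set
Import-Module ActiveDirectory

$CT_FLAG_AUTO_ENROLLMENT = 0x20
# Extracts dotted OIDs from either the plain OID list or the V3 backtick-delimited encoding.
$OidPattern = '\d+(\.\d+)+'

function Get-OidList {
    param([string[]]$Values)
    if (-not $Values) { return @() }
    ($Values -join ' ' | Select-String -Pattern $OidPattern -AllMatches).Matches.Value | Sort-Object -Unique
}

function Get-SigningCandidates {
    # Certificates with a private key whose EKUs and issuance policies cover the template's demands.
    param(
        [string[]]$RequiredAppPolicies,
        [string[]]$RequiredIssuancePolicies,
        [string]$StorePath = 'Cert:\CurrentUser\My'   # assumption; try Cert:\LocalMachine\My for machine templates
    )
    Get-ChildItem $StorePath | Where-Object { $_.HasPrivateKey } | Where-Object {
        $cert = $_
        $ekus = @($cert.EnhancedKeyUsageList | ForEach-Object { $_.ObjectId })
        # Issuance policies live in the Certificate Policies extension (2.5.29.32); pull OIDs from its text form.
        $polExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.32' }
        $policies = if ($polExt) { Get-OidList -Values @($polExt.Format($false)) } else { @() }
        $appOk = @($RequiredAppPolicies | Where-Object { $ekus -notcontains $_ }).Count -eq 0
        $polOk = @($RequiredIssuancePolicies | Where-Object { $policies -notcontains $_ }).Count -eq 0
        $appOk -and $polOk
    }
}

function Get-TemplateAutoenrollStatus {
    param([string]$StorePath = 'Cert:\CurrentUser\My')
    $configNC = (Get-ADRootDSE).configurationNamingContext
    $base = "CN=Certificate Templates,CN=Public Key Services,CN=Services,$configNC"
    $props = 'displayName', 'msPKI-RA-Signature', 'msPKI-RA-Application-Policies',
             'msPKI-RA-Policies', 'msPKI-Enrollment-Flag'
    Get-ADObject -SearchBase $base -Filter 'objectClass -eq "pKICertificateTemplate"' -Properties $props |
    ForEach-Object {
        $t = $_
        $sigs = [int]($t.'msPKI-RA-Signature')
        $flagOk = ([int]$t.'msPKI-Enrollment-Flag' -band $CT_FLAG_AUTO_ENROLLMENT) -ne 0
        $appPol = @(Get-OidList -Values @($t.'msPKI-RA-Application-Policies'))
        $issPol = @(Get-OidList -Values @($t.'msPKI-RA-Policies'))
        $status = if (-not $flagOk) { 'Autoenroll flag not set on template' }
                  elseif ($sigs -ge 2) { "Disabled: $sigs signatures required" }
                  elseif ($sigs -eq 1) {
                      $cands = @(Get-SigningCandidates -RequiredAppPolicies $appPol `
                                                       -RequiredIssuancePolicies $issPol `
                                                       -StorePath $StorePath)
                      if ($cands.Count -gt 0) { "Possible: signing cert found ($($cands[0].Thumbprint))" }
                      else { 'Needs 1 signature: no matching cert in store, CSR must be co-signed' }
                  }
                  else { 'Possible: no signature required' }
        [pscustomobject]@{
            Template         = $t.displayName
            Signatures       = $sigs
            AppPolicies      = ($appPol -join ',')
            IssuancePolicies = ($issPol -join ',')
            Status           = $status
        }
    }
}

Get-TemplateAutoenrollStatus | Sort-Object Signatures, Template | Format-Table -AutoSize
```

Run it as the user (or, with `-StorePath Cert:\LocalMachine\My`, in an elevated session for machine templates) whose autoenrollment you are troubleshooting; a template listed as "Needs 1 signature" with no matching certificate is the case where the CSR has to be handed to someone holding a certificate with the required application and issuance policies.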
