A few Enterprise CA questions.
On a new Enterprise CA server Installation (Windows Server 2008 R2)
1. Under "Enterprise PKI" i see CDP Location #1 Status: expiring what dow this mean?.
2. I have not set Auto Enrollment in GPO , How is it i have "Issued Certificates" to user or computers i didnt manually request for?.
3. When installing a Enterprise CA do all doamin clients add the CA to Trusted Root Automatically? or do i need some GPO?
4. if Certs are set to expire after 1 year do they renew automatically or do i need to manually do somthing?
5. for computers not in domain i used web enrollment, but thereisonly a choice of User certificate.what do i do to get a computer certificate for non domain PCs?
Thanks
October 24th, 2012 3:36am
> 1. Under "Enterprise PKI" i see CDP Location #1 Status: expiring what dow this mean?.
this means that CRL is about to expire. Normally no actions are required, because CA automatically issues new CRLs.
> 2. I have not set Auto Enrollment in GPO , How is it i have "Issued Certificates" to user or computers i didnt manually request for?.
certain applications may request certificates from CA if necessary.
> 3. When installing a Enterprise CA do all doamin clients add the CA to Trusted Root Automatically? or do i need some GPO?
when you install Enterprise Root CA, it is automatically added to client's Trusted Root CAs container (after group policy refresh).
> 4. if Certs are set to expire after 1 year do they renew automatically or do i need to manually do somthing?
if autoenrollment is not enabled, you have to manually renew them.My weblog: http://en-us.sysadmins.lv
PowerShell PKI Module: http://pspki.codeplex.com
Windows PKI reference:
on TechNet wiki
Free Windows Admin Tool Kit Click here and download it now
October 24th, 2012 3:55am
Thanks Vadims
do you have anything about question 5 ?
October 24th, 2012 4:48am
there is no longer support for that. You cannot use web enrollment to directly enroll computer certificates. Instead, you shold generate requests on non-domain clients and submit request via web enrollment.My weblog: http://en-us.sysadmins.lv
PowerShell PKI Module: http://pspki.codeplex.com
Windows PKI reference:
on TechNet wiki
Free Windows Admin Tool Kit Click here and download it now
October 24th, 2012 8:34am