On a new Enterprise CA server Installation (Windows Server 2008 R2) 1. Under "Enterprise PKI" i see CDP Location #1 Status: expiring what dow this mean?. 2. I have not set Auto Enrollment in GPO , How is it i have "Issued Certificates" to user or computers i didnt manually request for?. 3. When installing a Enterprise CA do all doamin clients add the CA to Trusted Root Automatically? or do i need some GPO? 4. if Certs are set to expire after 1 year do they renew automatically or do i need to manually do somthing? 5. for computers not in domain i used web enrollment, but thereisonly a choice of User certificate.what do i do to get a computer certificate for non domain PCs? Thanks

> 1. Under "Enterprise PKI" i see CDP Location #1 Status: expiring what dow this mean?. this means that CRL is about to expire. Normally no actions are required, because CA automatically issues new CRLs. > 2. I have not set Auto Enrollment in GPO , How is it i have "Issued Certificates" to user or computers i didnt manually request for?. certain applications may request certificates from CA if necessary. > 3. When installing a Enterprise CA do all doamin clients add the CA to Trusted Root Automatically? or do i need some GPO? when you install Enterprise Root CA, it is automatically added to client's Trusted Root CAs container (after group policy refresh). > 4. if Certs are set to expire after 1 year do they renew automatically or do i need to manually do somthing? if autoenrollment is not enabled, you have to manually renew them.My weblog: http://en-us.sysadmins.lv PowerShell PKI Module: http://pspki.codeplex.com Windows PKI reference: on TechNet wiki

Thanks Vadims do you have anything about question 5 ?

there is no longer support for that. You cannot use web enrollment to directly enroll computer certificates. Instead, you shold generate requests on non-domain clients and submit request via web enrollment.My weblog: http://en-us.sysadmins.lv PowerShell PKI Module: http://pspki.codeplex.com Windows PKI reference: on TechNet wiki