Certificate Enrollment
Once a certificate template is added to a CA, is there a way to limit the methods that can be used for enrollment in that certificate?
Example: Certificate can only be enrolled via WebEnrollment and NOT Certificate Enrollment Wizard or vice versa.
Thanks,
Paul
October 5th, 2011 4:50pm
It is not possible for the CA to distinguish among the different enrollment methods unless you implement some other layer of control, often referred to as a Registration Authority. This can be done either using 3rd party policy modules, IP restrictions or requiring additional signatures in a co-signing/enrollment agent scenario.
Forefront Identity Management Certificate Manager, FIM CM, is a good example of an RA that can control all certificate request/issuance through a web interface and a set of policies.
/Hasain
October 6th, 2011 12:17am