I'm running Server 2012 R2 CA's with V3+ certificates. Prior to this I was running Server 2008 R2 CA's with V1/V2 certificates.
I understand that that the Web Enrollment page (CertSrv) cannot display/issue V3+ certificates. Apparently this is due to the lack of support for KSP vs CSP. Is this correct? Can someone elaborate on this at all? I'm trying to gather as much information on this as possible so that I can better explain it to my peers who have only ever used the CertSrv page for requesting certificates.
Also can someone give some clarification on why I must request a V3 Web Server certificate as a Machine rather than a User? Is there any way to request a V3 certificate such that the "Requester" name shows a user name rather than a computer name? How did the CertSrv site accomplish this with V2 web server certificates?
Example:
I must use "certlm.msc" or "certreq -enroll -machine" to request a Web Server certificate (intended purpose=Server Authentication).
Thanks!
Mike