How does the CA perform this: "Publish certificate in Active Directory"
There isn't much information on how a CA goes about the "Publish a certificate in Active Directory" process.....in fact there is next to zero information at all!
So, according to the documentation "A Microsoft certification authority (CA) can add certificates that have been issued to Active Directory subjects to the appropriate Active Directory object."
How does the CA make the determination about which is the "appropriate Active Directory object" to publish the certificate to?
For instance, if a certificate template is configured so that:
* the Subject Name option is set to "Supply in the request"
* the "Publish certificate in Active Directory" is set
* and the requestor is someone who holds an Enrollment Agent certificate.
How would the CA determine which is the most appropriate Active Directory object to publish this to?
What steps does it take?
Is there any order of preference for identifying which AD object to publish it to?
Thanks
Cheers
Phil
September 19th, 2011 9:02pm
On Fri, 16 Sep 2011 00:53:58 +0000, Philip Richardson wrote:
For instance, if a certificate template is configured so that:
* the Subject Name option is set to "Supply in the request"
* the "Publish certificate in Active Directory" is set
* and the requestor is someone who holds an Enrollment Agent certificate.
How would the CA determine which is the most appropriate Active Directory object to publish this to?
What steps does it take?
Is there any order of preference for identifying which AD object to publish it to?
It really doesn't matter how the Subject name is generated or who the
requestor is, the CA will publish the certificate to the account that
matches the Subject or the SAN. Publishing it to any other account simply
doesn't make any sense.
Paul Adare
MVP - Identity Lifecycle Manager
http://www.identit.ca
CChheecckk yyoouurr dduupplleexx sswwiittcchh..
September 20th, 2011 2:46am