Issue Computer Certificates via Web Services
Hi, first, sorry for my bad English. I have the following situation. I have a Windows 2003 Server running with 802.1X EAP-TLS in the WLAN, where computers get their computer certificates (standard template) via autoenrollment, using an AD group policy. Before they can use the WLAN, they have to connect wired as a domain member. With Windows PCs it runs very well.

Now the problem: I want to issue computer certificates via the CA web services, because now I have gadgets that cannot be joined to the domain, like smartphones, Linux clients etc. So I have used a computer certificate V2 template and tried to issue it via the web interface (sorry, it's in German):

If I complete the fields under "Identification information for offline template" and install the certificate, it seems to be a user certificate, because it is under "current user" in the certificate management and not under "local computer", and the authentication is only successful if I create a user with the same name as in the "Identification information for offline template" fields. And if I copy the certificate under "local computer", the 802.1X authentication does not even start, because no certificate is found...

Is it possible, and if so, how is it possible to manually issue computer certificates to gadgets that are not Windows clients? And how is it possible to copy unique certificates to different gadgets with e.g. USB?
September 9th, 2011 4:11am

In this case the device certificate needs to match a valid computer account in AD. The matching is performed using the information in the certificate subject and subject alternative name. This means that you need to create an account for each device that is not a member of the domain, the same way a domain member has an account. Besides using a subject name mapping to an AD account, you need to make sure you select the option "Store certificate in the local computer certificate store" when requesting the certificate through the web enrollment. /Hasain
September 9th, 2011 5:07am
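As an added example (not from the thread or the linked blog post), here is the same mapping requirement written as an offline certreq request that puts the certificate and key in the Local Computer store instead of the user store. The hostname palme.example.com, the template name OfflineComputer and the CA config string are assumed placeholders; the duplicated V2 computer template must allow the subject to be supplied in the request.

```powershell
# Added example: request a computer certificate for a non-domain-joined device.
# Assumptions (placeholders): computer account dNSHostName = palme.example.com,
# template "OfflineComputer" (subject supplied in request), CA "CA01.example.com\Example-CA".
# Run in an elevated prompt on a domain-joined admin workstation.
$inf = @'
[Version]
Signature = "$Windows NT$"

[NewRequest]
; Subject and SAN must both equal the pre-created computer account's DNS name,
; otherwise NPS maps the certificate to nothing (or to a same-named user).
Subject = "CN=palme.example.com"
KeyLength = 2048
; KeySpec 1 = AT_KEYEXCHANGE, required for TLS client authentication
KeySpec = 1
; 0xA0 = digitalSignature + keyEncipherment
KeyUsage = 0xA0
; MachineKeySet puts key and certificate in the Local Computer store
MachineKeySet = TRUE
; Exportable so the PFX can be carried to the Linux client / smartphone
Exportable = TRUE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
RequestType = PKCS10

[EnhancedKeyUsageExtension]
; Client Authentication, the EKU EAP-TLS checks for
OID = 1.3.6.1.5.5.7.3.2

[Extensions]
; subjectAltName with the DNS name used for the account mapping
2.5.29.17 = "{text}"
_continue_ = "dns=palme.example.com&"

[RequestAttributes]
CertificateTemplate = OfflineComputer
'@
Set-Content -Path .\palme.inf -Value $inf

certreq -new .\palme.inf .\palme.req
certreq -submit -config "CA01.example.com\Example-CA" .\palme.req .\palme.cer
# -accept binds the issued certificate to the machine private key
certreq -accept .\palme.cer

# Check: it must appear under LocalMachine\My, not CurrentUser\My
Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Subject -eq "CN=palme.example.com" }

# Export certificate + key as PFX (machine store) to move it to the device on USB;
# use a per-device password and delete the PFX from the USB stick afterwards
certutil -p "ChangeMe" -exportPFX My palme.example.com .\palme.pfx
```

One PFX per device: each gadget gets its own computer account and its own key pair, so a lost stick or device can be revoked without affecting the others.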

Hi, thanks for the fast answer. I have tried what you said in your post, but I still have the same problem. I will try to explain as well as I can. I have created the computer "Palme": Then I issued the computer certificate, the domain name is example.com:
September 10th, 2011 8:29am

The certificate is placed under "Local Computer": In the wireless settings I choose the CA and authenticate as computer:
September 10th, 2011 8:33am

If I then try to connect to the wireless network, a message comes up saying that there are no certificates to connect to the network. But if I put the certificate in the "current user" category, I can authenticate "Palme" as a user. I think the certificate I issued is a user certificate and not a computer certificate, or am I wrong? The server sees the computer "Palme" as a user and not as a computer...
September 10th, 2011 8:42am

Today I've found this: http://blogs.technet.com/b/momteam/archive/2008/08/22/obtaining-certificates-for-non-domain-joined-agents-made-easy.aspx Can anyone tell me if this is a good way? Has anyone ever tried this?
September 20th, 2011 6:14am
