MSCEP in Windows Server 2003 Enterprise PKI
Hi,

I have a dedicated Windows Server 2003 Enterprise CA with the MSCEP Add-on installed on it. The sole purpose of the CA is to issue router certificates. The MSCEP account is the local system. The CA Policy module is configured to set any and all certificate requests to pending. The Exit module on the CA is configured to send an email notification every time a certificate is in a pending status.

This setup is working fine as long as challenges\passwords are used for enrollment, including sending an email to the routers' administrators, who are Certificate Managers and are authorized to issue the pending certificate requests.

Registry values:
Key = HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\MSCEP
Value name = EnforcePassword
Value = 1

If I set the EnforcePassword value to 0, the whole setup stops working and the certificate requests do not reach the Server 2003 Enterprise CA.

The final goal is to have the routers configured to auto-enroll and (auto)renew, and that is why the EnforcePassword value is set to 0. I know this works with Active Directory Certificate Services with the NDES server role feature implemented.

As part of the troubleshooting process I configured all parties involved to have full control on the participating certificate templates.

Thanks,
Yariv Bashan
yarivb
August 2nd, 2009 3:34pm
