Re-enroll
Scenario: a network device periodically switches to/from SSL and non-secure connections. When leaving secure mode it deletes all of its current certs (client, CA, CRL). When it goes back into secure mode it re-enrolls via SCEP to get a new client cert. It doesn't matter to us if the CA returns the original client cert again or returns a new one, just as long as it works.
Question: Will ADCS NDES handle this OK? The network device isn't re-enrolling in the traditional sense because the previous client cert didn't expire. If that's a problem, would it be possible for the network device to tell ADCS to revoke the original client cert first so that the new SCEP request would succeed? Our new system isn't running so I can't test it for myself yet. We're migrating from a different solution to Server 2008 R2. Thanks in advance for the help.
June 15th, 2012 12:03pm
Hi,
You can use the Certification Authority snap-in to revoke a certificate, to administer certificate revocation list (CRL) publication, and to specify the CRL Distribution Points (CDPs) published in every certificate issued by the certification authority (CA).
For details:
Revoking certificates and publishing CRLs
http://technet.microsoft.com/en-us/library/cc782162(v=WS.10).aspx
Best Regards
Elytis Cheng
TechNet Community Support
June 19th, 2012 5:00am
Thank you for the reply. Can a network device issue a command to ADCS to revoke its own certificate remotely with no human involvement? If not, what will ADCS do if a network device tries to re-enroll when a valid certificate already exists? Will it simply give the existing certificate to the network device again?
June 20th, 2012 9:43am
MSDN tech support says that a network device cannot issue a command to ADCS to revoke its own cert. But ADCS doesn't care if the same network device requests new certs while old ones are still valid so it's not an issue.
July 4th, 2012 6:10pm
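Because the CA issues a fresh certificate on every SCEP re-enrollment without revoking the previous one, a device that cycles in and out of secure mode leaves a trail of still-valid certificates behind it. The script below is an added example, not part of this thread and not Microsoft's own tooling: it uses certutil.exe (the command-line counterpart of the Certification Authority snap-in mentioned in the first reply) to list a device's currently valid certificates from the CA database, keep the most recently issued one, revoke the rest with reason "Superseded", and publish a new CRL. `$CaConfig` and `$DeviceCN` are placeholders; the script assumes it runs with certificate-manager rights on a host that can reach the CA, and that certutil's CSV date column parses under the current culture.

```powershell
# Added example (not from the thread): revoke a device's older, still-valid
# certificates on an ADCS CA after repeated SCEP re-enrollment.
# Assumptions: run with certificate-manager rights; certutil.exe available;
# $CaConfig and $DeviceCN are placeholders for your environment.
param(
    [string]$CaConfig = 'CASERVER\Contoso Issuing CA',   # placeholder "host\CA name"
    [string]$DeviceCN = 'switch01.example.invalid',      # placeholder device subject CN
    [switch]$WhatIf                                       # report only, revoke nothing
)

# Disposition 20 = issued. Ask only for the columns we need, as CSV rows.
$raw = certutil -config $CaConfig -view `
    -restrict "CommonName=$DeviceCN,Disposition=20" `
    -out 'RequestID,SerialNumber,NotAfter' csv
if ($LASTEXITCODE -ne 0) { throw "certutil -view failed for $CaConfig" }

# Keep only quoted CSV rows; certutil prints display names in its header row,
# so supply our own header and skip the original one.
$certs = $raw |
    Where-Object { $_ -match '^"' } |
    ConvertFrom-Csv -Header 'RequestID','SerialNumber','NotAfter' |
    Select-Object -Skip 1 |
    ForEach-Object {
        [pscustomobject]@{
            RequestID    = [int]$_.RequestID
            SerialNumber = $_.SerialNumber.Trim()
            NotAfter     = [datetime]$_.NotAfter   # assumes current-culture date format
        }
    } |
    Where-Object { $_.NotAfter -gt (Get-Date) }    # ignore anything already expired

Write-Host ("{0} valid certificate(s) found for CN={1}" -f @($certs).Count, $DeviceCN)
if (@($certs).Count -le 1) { return }

# The highest RequestID is the newest issuance; everything older is superseded.
$keep     = $certs | Sort-Object RequestID -Descending | Select-Object -First 1
$obsolete = @($certs | Where-Object { $_.RequestID -ne $keep.RequestID })

foreach ($c in $obsolete) {
    Write-Host ("Revoking serial {0} (expires {1}) as Superseded" -f $c.SerialNumber, $c.NotAfter)
    if (-not $WhatIf) {
        # Reason code 4 = Superseded (RFC 5280 CRLReason).
        certutil -config $CaConfig -revoke $c.SerialNumber 4 | Out-Null
        if ($LASTEXITCODE -ne 0) { Write-Warning "Failed to revoke $($c.SerialNumber)" }
    }
}

# Publish a fresh CRL so relying parties pick up the revocations promptly.
if (-not $WhatIf -and $obsolete.Count -gt 0) {
    certutil -config $CaConfig -CRL | Out-Null
}
```

Run it with `-WhatIf` first to see which serial numbers would be revoked. Since the device deletes its CRL on leaving secure mode and re-downloads it on return, publishing a new CRL right after revocation keeps the device's own view consistent with the CA's; the same approach answers the original question's revocation concern from the CA side, since the device itself cannot request revocation over SCEP.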