TLS/SSL certificate request question
Hi, I am deploying an application that requires certificate based authentication. I am wondering what option do I have for certificate request from the client side. I know openssl is on of them. If I use the certificate enrollment request wizard, do I have
to set up a certificate server within the domain. Also, does all the clients that require the certificate has to be part of the domain too with the Windows CA server setup? Is there any other simpler way to generate TLS/SSL certificate request from Windows
other than the above?
Thanks
June 18th, 2010 6:05pm
Hi,
Q1: If I use the certificate enrollment request wizard, do I have to set up a certificate server within the domain.
Do you mean the
certificate enrollment request wizard in the Certificate MMC? For client authentication, a internal CA would be the effective and costless way to deploy a PKI infrastructure.
Q2: does all the clients that require the certificate has to be part of the domain too with the Windows CA server setup?
Q3: Is there any other simpler way to generate TLS/SSL certificate request from Windows other than the above?
Not essential. Non-domain clients can also easily request the certificate through CA web enrollment based on the permissions on the certificate template.
The CA web enrollment page is a web page which is installed on IIS where clients can request their certificates via HTTP (HTTPS) other than
certificate enrollment request wizard (RPC).
Free Windows Admin Tool Kit Click here and download it now
June 21st, 2010 5:40am
Thanks,
We do have an internal CA server setup already, but it is linux based. The current certificate request process use openssl for Windows and it is kind of cumbersome. I am just wanting to find a easier way to request client certificate.
So can I tied the Windows CA web enrollment to a non-Windows CA server?
June 21st, 2010 5:35pm
Hi,
Sure. However, you will have to fill the fields such as host name in the certificate request.
Free Windows Admin Tool Kit Click here and download it now
July 6th, 2010 11:59am