I have installed Enterprise Root CA in our environment. CA is installed on Windows 2008 R2 Enterprise edition. There are not any other sub CA. I need to assign certificate to users on flash disks. So I have configured:
1) AD group “ENROLLMENT_AGENTS” there are two persons.
2) dulicate template enrollment agent (windows 2003 template, set up security for group above) and publish.
3) duplicate user certificate. (windows 2003 template, set up security for group above) and publish.
4) Issue to that users their users and enrollment agent certificates.
5) on CA there is no restrictions for enrollment agents. Policy is set up that certificates are in pending state until administrator action.
6) users can request certificate on behalf of throught MMC console. (choose their own signature certs, select certificate for request, select user etc. )
7) On CA I see pending request. But in enrollment agents in MMC (user certificates – Certificate Enrollment Requests) there is not any request. So after import I dont have private key of that certificate. If I trz to request cert for me (not on behalf of) there is request.
Can anybody help me?
Thanks a lot
You must be logged in to reply to this topic.
Create a free account today to participate in forum conversations, comment on posts and more.