published certificates in outlook use order


Andrey Kreitor

Hi,
Please let me know which one of the certificates published in AD
Outlook uses. For example, a user may have multiple certificates
published in AD.
I know that it first looks at the usersmime...attribute, then the
usercertificate attr.

How do I assign a "default certificate" in AD for a particular account?
 
I believe the user account will use the first available certificate that can
authenticate the user if there is more than one certificate that can be
used. I don't know if you can create a default certificate and am not sure
of what the advantage of that would be anyhow. If you have users that have
certificates that they are not supposed to have, you may have to revoke their
certificates and review who has permissions to enroll for certificates, which
you can manage in AD Sites and Services, but you will have to select view and
enable the services node to access the certificate templates. --- Steve
 
Hi,
Sometimes operations like cert revoking and CRL publishing are quite
time consuming, preceding Exchange KMS installations with non-recoverable
private keys etc... and I need users to be
e-mailed with the "right" certs :)

It seems that when I click the "publish in GAL" button in Outlook, the
certificate I use at this very moment becomes the first available for
other AD users. Am I right?

I tried to clear users' cert attributes via ADSI Edit, but something
goes wrong and the MMC console just hangs and quits after all... Probably
there is some kind of script?

Thanks in advance.
 
Hi Andrey.

I am not familiar with Outlook so I can't really advise on that. You might
also want to post in an Outlook and/or Exchange newsgroup. --- Steve
 
Hi,
You can use the ListSMIMECerts.vbs script to delete all the S/MIME certificates.
You can find it at the following link:
http://www.microsoft.com/downloads/...5C-FAF1-488A-A856-AD467BB59B26&displaylang=en

I think you can have a look at
"Implementing and Maintaining PKI to Support Message Security in Exchange
2003".
It may help you to understand the search order of the attributes related to
the certificates, and some differences between email client behaviours:
http://www.microsoft.com/technet/pr...ide/0df107e5-8f2c-42d2-9a4c-165f99108c48.mspx

AydinK
 