Question regarding issuing certificates to users

  • Thread starter Thread starter madsudhindra
  • Start date Start date
M

madsudhindra

Hello,

I am in the process of setting up a Windows 2003 based CA setup for
my organization.

As part of the policy for issuing certificates, we want each enrolling
user to have only one certficate assigned to that user (the enrollment
of users will be done using the microsoft certificate services web
pages).

I would like to know as to how I can enforce such a policy. The
requirement is that if the user requests for an additional
certificate, the CA server should deny the request automatically. Is
there any way such a policy could be configured ?

Thanks for your help !!
 
I would look at credential roaming services as part of your solution.
It really depends on how you plan to deploy the certificates to answer your
question
Brian
 
I would look at credential roaming services as part of your solution.
It really depends on how you plan to deploy the certificates to answer your
question









- Show quoted text -
Click to expand...

Hi,

Could you please elaborate a little more on what you mean by "on how
you plan to deploy the certificates" ?

The setup is envisaged to be tied to our AD, and the AD going to be
our store for certificates.
 
How do you plan to issue the certificates to the users?
What you are telling me is how clients will find other users certificates
(say for encryption certs).
How are *you* going to get a certificate issued by *your* CA to a user on
your network.

- CertMgr
- Autoenrollment
- Web enrollment
- Face-to-Face meeting
- Use of a registration authority such as ILM
- Will the user have to undergo a vetting process to confirm their identity
- If they under go a vetting process, what forms of identification must be
shown
- Will the identification be recorded.
- Who will perform the validation of identity
- How often will they have to renew the certificate

It really is a simple question
Brian

<snip>
===================================

Hi,

Could you please elaborate a little more on what you mean by "on how
you plan to deploy the certificates" ?

The setup is envisaged to be tied to our AD, and the AD going to be
our store for certificates.
 
Back
Top