Request Certificates on behalf of another user other than S
Rob McShinsky
Posted: Wed Feb 02, 2005 9:07 pm    Post subject: Request Certificates on behalf of another user other than S

We have an anomaly in our test environment that I am unable to explain and
thought there may be some knowledge in this area. Currently in our test
environment we have our RA set up so that designated enrollment agents,
currently 2, can issue smartcard user/logon certs on behalf of another user.
When I go to that page, I only see the Smartcard user/logon templates as
available. The other enrollment agent can see the Smartcard user/logon as
well as other types, i.e. Administrator, Basic EFS, User, etc. I have
checked the permissions on the templates and both he and I have the same
permissions on the templates themselves. Do you see any reasons why this
might be happening? For designated templates, being able to request on
behalf of another user is the desired outcome.

Thanks
Rob McShinsky
Steven L Umbach
Posted: Thu Feb 03, 2005 6:48 am    Post subject: Re: Request Certificates on behalf of another user other th

Are you sure that they are in the smart card enrollment station and not the
advanced certificate request page?? All those certificates are available in
the advanced certificate request page, but I have never seen them in the
smart card enrollment station even when logged on as a domain admin. ---
Steve
Brian Komar
Posted: Thu Feb 03, 2005 6:48 am    Post subject: Re: Request Certificates on behalf of another user other th

I have to agree with Steve on this one. The only certificates that will
appear on the smart card enrollment web page are certificates that
require that the certificate request be signed by a certificate with the
Certificate Request Agent application policy OID. The certificates you
mention include version 1 certificate templates that *cannot* be
modified in this manner.

It sounds like a miscellaneous click issue.

If you want to use an Enrollment Agent for a custom v2 certificate
template, you must enable the Issuance Requirement to sign the request
with a certificate containing the Certificate Request Agent application
policy OID (this is the default option when you enable signing).

Brian
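
An added example, not part of the thread and not Microsoft's own tooling: a PowerShell check of the issuance requirement Brian describes, run over constructed template objects. The attribute names are the AD schema's; the function name, the sample template names and their values are made up for illustration.

```powershell
# Added example. Attribute names are from the AD schema; the function name and
# the sample templates below are constructed for illustration.
$CertRequestAgentOid = '1.3.6.1.4.1.311.20.2.1'   # Certificate Request Agent

function Test-EnrollmentAgentTemplate {
    param([Parameter(ValueFromPipeline)] $Template)
    process {
        # A missing attribute reads as $null, which casts to 0.
        $version    = [Math]::Max(1, [int]$Template.'msPKI-Template-Schema-Version')
        $sigs       = [int]$Template.'msPKI-RA-Signature'
        $raPolicies = @($Template.'msPKI-RA-Application-Policies') -join ' '
        # Match the OID as a whole token, not as a prefix of a longer OID.
        $pattern = '(?<![\d.])' + [regex]::Escape($CertRequestAgentOid) + '(?![\d.])'
        [pscustomobject]@{
            Name                   = $Template.Name
            SchemaVersion          = $version
            RequiresAgentSignature = ($sigs -ge 1) -and ($raPolicies -match $pattern)
            CanAddRequirement      = $version -ge 2   # v1 templates cannot be modified
        }
    }
}

# Constructed sample: one v1 template, one v2 template with the signing
# requirement enabled, one v2 template without it.
$sample = @(
    [pscustomobject]@{ Name = 'User'; 'msPKI-Template-Schema-Version' = 1 }
    [pscustomobject]@{ Name = 'ExampleSmartcardV2'; 'msPKI-Template-Schema-Version' = 2
                       'msPKI-RA-Signature' = 1
                       'msPKI-RA-Application-Policies' = @('1.3.6.1.4.1.311.20.2.1') }
    [pscustomobject]@{ Name = 'ExampleUnsignedV2'; 'msPKI-Template-Schema-Version' = 2
                       'msPKI-RA-Signature' = 0 }
)
$sample | Test-EnrollmentAgentTemplate | Format-Table -AutoSize

# Against a live forest (needs the ActiveDirectory module on a domain-joined host):
# $base = 'CN=Certificate Templates,CN=Public Key Services,CN=Services,' +
#         (Get-ADRootDSE).configurationNamingContext
# Get-ADObject -SearchBase $base -LDAPFilter '(objectClass=pKICertificateTemplate)' `
#     -Properties * | Test-EnrollmentAgentTemplate | Format-Table -AutoSize
```

Comparing this output with the template ACLs shows which templates each enrollment agent can actually use for on-behalf-of requests.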