locked
Issuing Certificates to Non-Windows Hosts RRS feed

  • Question

  • Hi All,

    Any experience with providing certificate services to Linux and Mac workstations?  Specifically, I want to issue user certificates based on the users Active Directory account, but want to ensure that the private key is not exportable, so that the certificate cannot be moved to a different machine.

    Obviously the Web Enrollment pages are not an option as these use ActiveX controls.  So I'm assuming this will have to be a combination of command line utilities and/or mmc functions.

    This will be used for VPN authentication, hence the requirement to ensure that only validated computers can be used to access our network over the VPN.

    Any observations, comments, tips, tricks and/or instructions gratefully received!!

    Tks & Rgds

    Mark Davies
    MCSE, MCSA
    Wednesday, October 22, 2008 1:19 AM

Answers

  • Mark,
    This forum is for helping customers with technical questions on interoperability. Your issue does not appear to be related to interoperability. Your question may be better answered by posting on the Windows Server/Security forum at 
     http://social.technet.microsoft.com/Forums/en-US/winserversecurity/threads/.

    Richard Guthrie
    • Marked as answer by mid1965 Wednesday, October 22, 2008 7:38 PM
    • Edited by Chris Mullaney Tuesday, October 28, 2008 10:31 PM original answer referenced open protocol specifications when it is on an interop forum
    Wednesday, October 22, 2008 4:04 PM
    Moderator

All replies

  • Mark,
    This forum is for helping customers with technical questions on interoperability. Your issue does not appear to be related to interoperability. Your question may be better answered by posting on the Windows Server/Security forum at 
     http://social.technet.microsoft.com/Forums/en-US/winserversecurity/threads/.

    Richard Guthrie
    • Marked as answer by mid1965 Wednesday, October 22, 2008 7:38 PM
    • Edited by Chris Mullaney Tuesday, October 28, 2008 10:31 PM original answer referenced open protocol specifications when it is on an interop forum
    Wednesday, October 22, 2008 4:04 PM
    Moderator
  • Applogies & Thanks Richard.
    Wednesday, October 22, 2008 7:39 PM