Server 2008 Certificates distinguishable by "hardware type"

Posted on 2012-08-20
Last Modified: 2012-08-21
Hi there,

in my lab environment I have set up an offline root CA and one SubCA. So far so good, everything is working. Now I'm a little bit lost with the following:

I want to issue a certificate for all network-connected devices and make sure they are only able to connect to specific networks, e.g. VoIP telephones only to the VoIP network, Laptops to LAN 1, Desktops to LAN 2 and so on. What is best practice to make the certificates "tell" what hardware they were issued to so that I can set up the WLAN access point to only grant access to the "Laptops"?

Thx for any remarks.

Question by:Marcel_D

Accepted Solution

btan earned 900 total points
ID: 38314551

Assisted Solution

by:Mohammed Hamada
Mohammed Hamada earned 600 total points
ID: 38315589
I think that should depend on your wireless access point capabilities in the first place on how to prioritize access for the services.

You probably can create a certificate with a SAN that matches the VoIP server for instance, if you have a (Brekeke SIP, PBX) server with FQDN "Brekeke.Yourdomain.com" you can create a certificate with this SAN and configure Brekeke to allow access only to devices that have this particular certificate installed on them.
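
One way to turn a SAN-based rule like the one suggested above into a default-deny check, as an added example that is not part of the original thread. It generalizes the single-server case to one SAN naming suffix per device class; the suffixes, host names and the `network_for` / `may_join` helpers are assumptions, and the certificate is assumed to have already passed chain validation against the SubCA.

```python
# Added example. Input is a dict shaped like ssl.SSLSocket.getpeercert().
# The check only authorizes; chain validation must already have succeeded.
# It is only meaningful if the CA (not the requester) decides the SAN content.

# Constructed mapping: SAN DNS suffix -> network the device class may join.
SUFFIX_TO_NETWORK = {
    ".voip.lab.example": "VoIP",
    ".laptop.lab.example": "LAN 1",
    ".desktop.lab.example": "LAN 2",
}

def san_dns_names(cert):
    """Return the lower-cased DNS entries of the subjectAltName extension."""
    return [value.lower().rstrip(".")
            for kind, value in cert.get("subjectAltName", ())
            if kind == "DNS"]

def network_for(cert):
    """Return the one network this certificate maps to, or None (deny)."""
    networks = set()
    for name in san_dns_names(cert):
        if "*" in name:
            return None                      # a wildcard cannot identify one device
        matched = [net for suffix, net in SUFFIX_TO_NETWORK.items()
                   if name.endswith(suffix) and len(name) > len(suffix)]
        if not matched:
            return None                      # unknown name on the cert: deny
        networks.update(matched)
    # Exactly one device class must result; no SAN or mixed classes: deny.
    return networks.pop() if len(networks) == 1 else None

def may_join(cert, requested_network):
    """True only if the certificate's device class owns the requested network."""
    return network_for(cert) == requested_network

# Constructed sample certificates (not taken from the thread).
PHONE = {"subjectAltName": (("DNS", "phone-017.voip.lab.example"),)}
LAPTOP = {"subjectAltName": (("DNS", "NB-0042.Laptop.lab.example"),)}
MIXED = {"subjectAltName": (("DNS", "a.voip.lab.example"),
                            ("DNS", "a.laptop.lab.example"))}
WILDCARD = {"subjectAltName": (("DNS", "*.voip.lab.example"),)}
NO_SAN = {"subject": ((("commonName", "printer-3"),),)}

if __name__ == "__main__":
    for label, cert in [("phone", PHONE), ("laptop", LAPTOP), ("mixed", MIXED),
                        ("wildcard", WILDCARD), ("no SAN", NO_SAN)]:
        print(f"{label:9} -> {network_for(cert)}")
```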

Author Closing Comment

ID: 38318193
I know that this is a very tricky question so I have to give points to both.
