Server 2008 Certificates distinguishable by "hardware type"

Posted on 2012-08-20
Last Modified: 2012-08-21
Hi there,

in my lab environment I have set up an offline root CA and one SubCA. So far so good, everything is working. Now I'm a little bit lost with the following:

I want to issue a certificate for all network-connected devices and make sure they are only able to connect to specific networks, e.g. VoIP telephones only to the VoIP network, Laptops to LAN 1, Desktops to LAN 2 and so on. What is the best practice to make the certificates "tell" what hardware they were issued to, so that I can set up the WLAN access point to only grant access to the "Laptops"?

Thx for any remarks.

Question by:Marcel_D
    Accepted Solution

    Assisted Solution

    by:Mohammed Hamada
    I think that should depend on your wireless access point's capabilities in the first place, on how to prioritize access for the services.

    You probably can create a certificate with a SAN that matches the VoIP server for instance, if you have a (Brekeke SIP, PBX) server with FQDN "" you can create a certificate with this SAN and configure Brekeke to allow access only to devices that have this particular certificate installed on them.

    Author Closing Comment

    I know that this is a very tricky question so I have to give points to both.
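
The SAN-based approach suggested in the answer above, as an added example that is not code from the thread or from any product it mentions: a throwaway OpenSSL lab CA issues device certificates whose SAN DNS suffix encodes the device class, and `network_for` maps a certificate to a network only when it chains to that CA. The `lab.example` names, the suffix convention and the network labels are constructed assumptions.

```shell
#!/bin/sh
# Added example; lab.example names and the suffix-to-network policy are
# constructed assumptions, not values from the thread.
set -eu
dir=$(mktemp -d); trap 'rm -rf "$dir"' EXIT

make_ca() {   # make_ca NAME: self-signed stand-in for a lab CA
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$dir/$1.key" -out "$dir/$1.pem" 2>/dev/null
}

issue() {     # issue CA NAME SAN: device cert whose SAN encodes the class
  printf 'subjectAltName=DNS:%s\n' "$3" > "$dir/$2.ext"
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$dir/$2.key" -out "$dir/$2.csr" 2>/dev/null
  openssl x509 -req -in "$dir/$2.csr" -CA "$dir/$1.pem" -CAkey "$dir/$1.key" \
    -CAcreateserial -days 1 -extfile "$dir/$2.ext" -out "$dir/$2.pem" 2>/dev/null
}

network_for() {   # network_for CERT: print the permitted network or "deny"
  # A SAN is only trustworthy if the certificate chains to the lab CA.
  openssl verify -CAfile "$dir/labca.pem" "$1" >/dev/null 2>&1 \
    || { echo deny; return 0; }
  names=$(openssl x509 -in "$1" -noout -text \
    | sed -n '/Subject Alternative Name/{n;p;}' \
    | tr ',' '\n' | sed -n 's/^ *DNS://p')
  result=
  for n in $names; do
    case "$n" in
      *.voip.lab.example)   net=voip ;;
      *.laptop.lab.example) net=lan1 ;;
      *)                    net=deny ;;
    esac
    # All SAN entries must agree; a cert spanning two classes is denied.
    [ -z "$result" ] || [ "$result" = "$net" ] || { echo deny; return 0; }
    result=$net
  done
  echo "${result:-deny}"
}

make_ca labca; make_ca otherca
issue labca phone01 phone01.voip.lab.example
issue labca nb07 nb07.laptop.lab.example
issue otherca rogue rogue.laptop.lab.example   # right SAN, wrong issuer
for c in phone01 nb07 rogue; do
  printf '%s -> %s\n' "$c" "$(network_for "$dir/$c.pem")"
done
```

The `rogue` certificate carries a laptop SAN but is denied because it was not issued by the lab CA, which is why the issuer check comes before any SAN matching.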
