• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1551
  • Last Modified:

Computer Certs for Workgroup Computers

I am trying to install computer certs for Workgroup Computers so I can enable secure RDP for PCI compliance.  I have a Windows 2012 Internal CA that is issuing certs for domain computers and I can request Web Server certs through the browser.  What am I missing to get computer certs to Workgroup servers?
0
paulymo
Asked:
paulymo
  • 4
  • 3
1 Solution
 
arnoldCommented:
Nothing, they (workgroup computers/users) have to be manually request and install the certificates issued by the CA.
0
 
paulymoAuthor Commented:
How do I manually request it?
0
 
arnoldCommented:
Using a webbrowser navigate to http://CAserver/certsrv there you can choose the type of certificate you need and is based on the templates you approved/configured on the CA.

Once submitted, you will have a certificate to download/install.
If you have configured the CA to place requests in a pending queue, you would need to approve the pending certificate.

certreq can be used to generate a CSR that is then submitted to the CA's certsrv site for signing.
0
Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

 
paulymoAuthor Commented:
Thanks Arnold for your response.  So far I am aware of everything you have suggested but do not see a computer cert available.  Any suggestions on creating a computer cert from a template for workgroup computers?
0
 
arnoldCommented:
Within the CA you can configure the template s available on the CA.
If you as administrator navigate to http://server/certsrv.
To enroll.  Certutil,certreq are command line tools.

http://technet.microsoft.com/en-us/library/cc770794(v=ws.10).aspx

The difficulty is knowingtefunctionlity/attributes that might be needed.
0
 
paulymoAuthor Commented:
I had to install the ADCS Certificate Enrollment Web Service and ADCS Certificate Enrollment Policy Web Service Server roles to make this work.
0
 
paulymoAuthor Commented:
No other solutions worked.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now