Skumar_CCSA
asked on
Certificate Authority, CA, Windows 2008
hi experts..
please help.
i want to set permission.
only selected people to access the certificate request page.
i checked in the manual, i see that the option is available only for enable and disable authentication in IIS.
i do not see where to link the users id.
Regards,
Skumar.
please help.
i want to set permission.
only selected people to access the certificate request page.
i checked in the manual, i see that the option is available only for enable and disable authentication in IIS.
i do not see where to link the users id.
Regards,
Skumar.
ASKER
It is standalone Root CA.
No domain
No domain
I think you have raised another question for same reason, I have posted my comment there to achieve this
If you set IIS rules,and if this server is in workgroup, then you can restrict web site use to local users only
The another way you could do that via restricting TCP port 80 and 443 towards web server via other network segments and this can be achieved through windows firewall rules on server itself or if you have any network firewall between computers and this server
If you set IIS rules,and if this server is in workgroup, then you can restrict web site use to local users only
The another way you could do that via restricting TCP port 80 and 443 towards web server via other network segments and this can be achieved through windows firewall rules on server itself or if you have any network firewall between computers and this server
ASKER
Wow.....I am getting more info...
Mahesh can you please help me in giving some links...
The server in domain enviornment, installed standalone Root CA.
Admins will request certificate through URL, issue certificate from CA, and export certificate from cert URL. ( Basically this has been setup for client authentication for non domain laptops.
For restriction.
I logged on windows.
Oped IIS, disabled anonyms access....Enabled Windows authentication, in the edit option I made it enhanced protection with the options of Require.
After doing this I see that when accessing URL from network PC, it ask for usetname and password....but it is not going through even I give the CA server local account.
In this scenario anything settings (either in firewall or IIS level) that can help to protect the page, it must ask for username and password...and allow post success validation.
Please help ...
Thanks to help ...
Regards,
Skumar.
Mahesh can you please help me in giving some links...
The server in domain enviornment, installed standalone Root CA.
Admins will request certificate through URL, issue certificate from CA, and export certificate from cert URL. ( Basically this has been setup for client authentication for non domain laptops.
For restriction.
I logged on windows.
Oped IIS, disabled anonyms access....Enabled Windows authentication, in the edit option I made it enhanced protection with the options of Require.
After doing this I see that when accessing URL from network PC, it ask for usetname and password....but it is not going through even I give the CA server local account.
In this scenario anything settings (either in firewall or IIS level) that can help to protect the page, it must ask for username and password...and allow post success validation.
Please help ...
Thanks to help ...
Regards,
Skumar.
ASKER
Hi Mahesh...
Pls help....
Regars,
Skumar
Pls help....
Regars,
Skumar
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
thank you so much
If you want to grant access certain users to request certificate, you need to control it through Certificate templates in active directory
Certificate templates are available only if you have AD integrated CA installed
Check below link for more information
http://blogs.technet.com/b/askds/archive/2010/05/27/designing-and-implementing-a-pki-part-iii-certificate-templates.aspx
http://btsc.webapps.blackberry.com/btsc/viewdocument.do;jsessionid=7586FB54C3F4697EE3E64F75DDFD9042?externalId=KB27149&sliceId=2&cmd=displayKC&docType=kc&noCount=true&ViewedDocsListHelper=com.kanisa.apps.common.BaseViewedDocsListHelperImpl
Mahesh.