none
SSL Limitations

    Question

  • Are there any non-Microsoft platforms that a Microsoft CA cannot issue an SSL certificate to?
    Monday, May 09, 2011 7:37 PM

Answers

  • > Can they simply generate a CSR and issue the request via web page from a Microsoft OS?

    yes. Once you have generated a CSR you can use various methods to submit it to the CA server, like web pages, Certification Authority MMC snap-in or certreq.exe utility.


    My weblog: http://en-us.sysadmins.lv
    PowerShell PKI Module: http://pspki.codeplex.com
    • Proposed as answer by Vadims PodansMVP Tuesday, May 10, 2011 8:11 AM
    • Marked as answer by PaulT15 Tuesday, May 10, 2011 1:11 PM
    Tuesday, May 10, 2011 8:11 AM

All replies

  • can you be more specific? Since Windows CA is standard-conformant there should not be any issues with other platforms. However direct certificate request via web pages is restricted to platforms that can utilize XEnroll or CertEnroll functionality. RPC/DCOM enrollment is restricted to platforms that utilize MS-WCCE protocol specifications.
    My weblog: http://en-us.sysadmins.lv
    PowerShell PKI Module: http://pspki.codeplex.com
    Monday, May 09, 2011 8:12 PM
  • Vadims,

    I work for a large multi platform company that presently does not have a Microsoft PKI. If we were to implement ADCS, can the non-microsoft OS's (Unix, Linux, AS400, Apache, etc. etc. etc.) request and utilize ADCS SSL certificates? How? If an OS doesn't support XEnroll, CertEnroll or MS-WCCE how can they obtain a certificate?  Can they simply generate a CSR and issue the request via web page from a Microsoft OS?

    Thanks,

    Paul

    Monday, May 09, 2011 9:22 PM
  • > Can they simply generate a CSR and issue the request via web page from a Microsoft OS?

    yes. Once you have generated a CSR you can use various methods to submit it to the CA server, like web pages, Certification Authority MMC snap-in or certreq.exe utility.


    My weblog: http://en-us.sysadmins.lv
    PowerShell PKI Module: http://pspki.codeplex.com
    • Proposed as answer by Vadims PodansMVP Tuesday, May 10, 2011 8:11 AM
    • Marked as answer by PaulT15 Tuesday, May 10, 2011 1:11 PM
    Tuesday, May 10, 2011 8:11 AM
  • On Tue, 10 May 2011 08:11:35 +0000, Vadims Podans [MVP] wrote:

    > Can they simply generate a CSR and issue the request via web page from a Microsoft OS?
    >
    yes. Once you have generated a CSR you can use various methods to submit it to the CA server, like web pages, Certification Authority MMC snap-in or certreq.exe utility.

    You may also want to look into Venafi's Encryption Director -
    http://www.venafi.com/Products

    It solves a lot of problems surrounding management and deployment of
    certificates in a heterogenous environment.

    Note that I have no direct relationship with Venafi, I just happen to work
    in the industry and I think that they've got a great product.


    Paul Adare
    MVP - Identity Lifecycle Manager
    http://www.identit.ca
    Disc space -- the final frontier!

    Wednesday, May 11, 2011 7:27 AM