AD CS issuing client auth cert for local user account


  • Can anyone point me in the direction of a step-by-step guide for issuing a user certificate to a non-domain user account such as you would find on a non-domain joined computer in a DMZ environment?

    The end-goal is to map the user certificate to a user account on a local server that is not domain joined to use with WinRM service so that a client administrator machine can use a certificate for authentication and user impersonation using certificatethumbprint.

    I have a working AD CS running under Windows Server Essentials 2012 and can issue a computer certificate in the scenario mentioned above, but I can't create a user cert from a CSR created on the workgroup machine. When supplying the CSR to the AD CS using the web interface, it issues a user cert based on the user that is used to auth to the AD CS web-service.

    Many thanks in advance


    Sunday, July 21, 2013 9:37 PM


All Replies