locked
Private key permissions on ADCS issued certificate RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote

    What is best practice when assigning private key permissions to service accounts that need them when the certificates are issued via a certificate template in ADCS?

    If I manually assign permissions to grant a service account access to the private key of a computer certificate issued via an ADCS certificate template, will these permissions be removed when the certificate auto-renews? 

    If so, does this require a specific certificate template to a grant private key permissions to the service account?  I'd prefer not to do this if it requires a separate certificate template for each set of permissions.

    Wednesday, September 4, 2019 2:10 AM

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi,

    Thanks for posting in our forum, and sorry for the delayed reply.

    >>What is best practice when assigning private key permissions to service accounts that need them when the certificates are issued via a certificate template in ADCS?

    Based on my experience, I will suggest you use option “Authorize additional service accounts to access the private key” under “Request Handling” tab to assign permission for service accounts.

    >> If I manually assign permissions to grant a service account access to the private key of a computer certificate issued via an ADCS certificate template, will these permissions be removed when the certificate auto-renews?

    As far as I know, it will not be removed.

    For your reference:

    https://winintro.ru/certtmpl.en/html/b0fcf6c9-bd3d-4e1e-bd94-8e306a6d2415.htm

    https://social.technet.microsoft.com/wiki/contents/articles/13303.windows-server-2012-certificate-template-versions-and-options.aspx

    Best Regards,

    William

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, September 9, 2019 12:02 PM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi,

     

    Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.

     

    Best Regards,

    William

     

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, September 17, 2019 9:32 AM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi,

     

    Please remember mark all the useful replies as answer, it would be helpful to anyone who encounters similar issues.

     

    Best Regards,

     

    William

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, September 25, 2019 2:47 AM