Enrolling software certificates with Enrollment agent on FIM2010 R2

  • Question

  • Hi!

    Currently we are using FIM2010 R2 for smartcard management, but would like to use it for software certificates as well:

    Current smart card enrollment workflow is as follows:

    Self service enabled: false

    Enrollment agent enabled: true

    Number of approvals: 1

    and everything works as expected - smartcard is enrolled with target user's Subject and SAN and is assigned to correct user.

    I wanted to use a similar workflow with the same settings specified above for enrolling software certificates, but the thing is:

    The enrolled certificate is assigned to the target user, but it is enrolled with the enrollment agent's Subject and SAN.

    How can I get software certificate enrollment working like it does with smart cards (i.e. the certificate contains the target user's Subject and SAN instead of the enrollment agent's)?

    regards,

    Arnis

    Wednesday, January 8, 2014 9:51 AM

Answers

  • On Wed, 8 Jan 2014 09:51:03 +0000, arnis_g wrote:

    I wanted to use a similar workflow with the same settings specified above for enrolling software certificates, but the thing is:

    The enrolled certificate is assigned to the target user, but it is enrolled with the enrollment agent's Subject and SAN.

    How can I get software certificate enrollment working like it does with smart cards (i.e. the certificate contains the target user's Subject and SAN instead of the enrollment agent's)?

    You need to make sure that the certificate template is configured to
    require 1 signature with an Application policy of Certificate Request
    Agent.


    Paul Adare - FIM CM MVP
    You know you're a Unix guy when your dreams start with #!/bin/sh.

    • Marked as answer by arnis_g Thursday, January 9, 2014 11:46 AM
    Wednesday, January 8, 2014 7:39 PM
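
The two template settings named in the answer are stored in Active Directory as the `msPKI-RA-Signature` and `msPKI-RA-Application-Policies` attributes of the certificate template object. The PowerShell below is an added example, not part of the original post or of FIM CM, that checks them; the function name, the sample template names and the `<TemplateName>` placeholder are hypothetical.

```powershell
# Added example. Test-RequestAgentSignature and the sample data are hypothetical.
$CertificateRequestAgentOid = '1.3.6.1.4.1.311.20.2.1'   # Certificate Request Agent

function Test-RequestAgentSignature {
    param(
        [Parameter(Mandatory)] [string] $Name,
        [int]      $RaSignature = 0,              # value of msPKI-RA-Signature
        [string[]] $RaApplicationPolicies = @()   # value of msPKI-RA-Application-Policies
    )
    # Match by substring rather than equality: the attribute can hold
    # more than the bare OID.
    $hasAgentPolicy = [bool]($RaApplicationPolicies |
        Where-Object { $_ -like "*$CertificateRequestAgentOid*" })

    $problems = @()
    if ($RaSignature -ne 1) {
        $problems += "authorized signatures = $RaSignature (expected 1)"
    }
    if (-not $hasAgentPolicy) {
        $problems += 'Certificate Request Agent application policy not required'
    }
    [pscustomobject]@{
        Template = $Name
        Ok       = ($problems.Count -eq 0)
        Problems = $problems -join '; '
    }
}

# Constructed sample values: one template without the signature requirement,
# one configured as the answer describes.
$samples = @(
    @{ Name = 'SoftCert-NoSignature'; RaSignature = 0; RaApplicationPolicies = @() },
    @{ Name = 'SoftCert-AgentSigned'; RaSignature = 1
       RaApplicationPolicies = @('1.3.6.1.4.1.311.20.2.1') }
)
foreach ($s in $samples) { Test-RequestAgentSignature @s }

# Against a live forest (requires the ActiveDirectory module):
# $base = 'CN=Certificate Templates,CN=Public Key Services,CN=Services,' +
#         (Get-ADRootDSE).configurationNamingContext
# $t = Get-ADObject -SearchBase $base -Filter "cn -eq '<TemplateName>'" `
#          -Properties 'msPKI-RA-Signature', 'msPKI-RA-Application-Policies'
# Test-RequestAgentSignature -Name $t.Name `
#     -RaSignature $t.'msPKI-RA-Signature' `
#     -RaApplicationPolicies $t.'msPKI-RA-Application-Policies'
```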

All replies

  • Hi,

    It seems that for smart cards you issue the cards through an enrollment agent, e.g. the facility security requests the certificate and is printing a badge on the smart card and then they hand out the card to the user.

    For software certificates you can just allow the user to enroll the certificate without an enrollment agent.

    Hope that helps,

    Lutz

    Wednesday, January 8, 2014 6:27 PM
  • Thanks Paul, it works!
    Thursday, January 9, 2014 9:59 AM
  • On Thu, 9 Jan 2014 09:59:53 +0000, arnis_g wrote:

    Thanks Paul, it works!

    Glad to help. Would you mark my post as an answer? I don't care about the
    points but it may help someone else who comes along later with the same
    question.


    Paul Adare - FIM CM MVP
    Usenet: open mouth, insert foot, propagate internationally

    Thursday, January 9, 2014 11:29 AM