- Home
- Products
- Integration
- Tutorial
- Barcode FAQ
- Purchase
- Company
Deploying Certificates in Visual Studio .NET
Deploying Certificates Print Quick Response Code In Visual Studio .NET Using Barcode maker for VS .NET Control to generate, create Quick Response Code image in .NET applications. www.OnBarcode.comQR Code Scanner In .NET Using Barcode recognizer for .NET Control to read, scan read, scan image in .NET applications. www.OnBarcode.comNote The SCEP installation file (cepsetup.exe) is available for download at www.microsoft.com/downloads/details.aspx displaylang=en&familyid=9f306 763-d036-41d8-8860-1636411b2d01 and can be used by any device that supports SCEP enrollment. Draw Barcode In .NET Framework Using Barcode printer for .NET Control to generate, create bar code image in VS .NET applications. www.OnBarcode.comBar Code Reader In VS .NET Using Barcode scanner for .NET framework Control to read, scan read, scan image in .NET applications. www.OnBarcode.comChoosing an Enrollment Method
Quick Response Code Maker In C# Using Barcode generation for VS .NET Control to generate, create Quick Response Code image in Visual Studio .NET applications. www.OnBarcode.comQR Generator In Visual Studio .NET Using Barcode creator for ASP.NET Control to generate, create Denso QR Bar Code image in ASP.NET applications. www.OnBarcode.comFor each PKI-enabled application, you must choose the best way to deploy certificates to users, computers, and network devices. In most cases, you ll have a primary method and a secondary method. QR-Code Maker In Visual Basic .NET Using Barcode drawer for VS .NET Control to generate, create QR Code JIS X 0510 image in .NET applications. www.OnBarcode.comBarcode Creation In VS .NET Using Barcode printer for .NET framework Control to generate, create barcode image in .NET framework applications. www.OnBarcode.comChoosing Among Manual Enrollment Methods
Printing Code128 In .NET Framework Using Barcode generator for .NET Control to generate, create Code 128A image in .NET framework applications. www.OnBarcode.comPainting Linear 1D Barcode In Visual Studio .NET Using Barcode creator for .NET framework Control to generate, create 1D Barcode image in Visual Studio .NET applications. www.OnBarcode.comManual enrollment is not well suited for mass certificate deployment because of the amount of time an organization must spend training personnel to use such a method. Table 12-1 shows the available manual enrollment methods for version 1 and version 2 certificate templates on Windows 2000, Windows XP, and Windows Server 2003 client computers. Generate PDF-417 2d Barcode In VS .NET Using Barcode creation for VS .NET Control to generate, create PDF 417 image in .NET applications. www.OnBarcode.comDraw ANSI/AIM ITF 25 In .NET Using Barcode drawer for .NET Control to generate, create ANSI/AIM I-2/5 image in Visual Studio .NET applications. www.OnBarcode.comTable 12-1 Manual Enrollment Methods
Paint GS1 128 In None Using Barcode generator for Font Control to generate, create GS1 128 image in Font applications. www.OnBarcode.comPrint UCC-128 In Java Using Barcode encoder for Eclipse BIRT Control to generate, create UCC.EAN - 128 image in Eclipse BIRT applications. www.OnBarcode.comEnrollment Method Manual enrollment on a Windows 2000 workstation Manual enrollment on a Windows XP or Windows Server 2003 workstation Request a certificate template that is pended for certificate manager approval Decode Code 128C In None Using Barcode recognizer for Software Control to read, scan read, scan image in Software applications. www.OnBarcode.comData Matrix Generator In Visual Studio .NET Using Barcode maker for Reporting Service Control to generate, create Data Matrix ECC200 image in Reporting Service applications. www.OnBarcode.comCertificates MMC V1 template: Yes V2 template: No V1 template: Yes V2 template: Yes V1 template: No V2 template: No UCC.EAN - 128 Creator In Visual Basic .NET Using Barcode maker for VS .NET Control to generate, create UCC.EAN - 128 image in .NET applications. www.OnBarcode.comCode 3/9 Encoder In Java Using Barcode maker for Java Control to generate, create Code39 image in Java applications. www.OnBarcode.comWeb Enrollment V1 template: Yes V2 template: Yes V1 template: Yes V2 template: Yes V1 template: Yes V2 template: Yes Drawing Code 3/9 In C# Using Barcode maker for .NET framework Control to generate, create Code-39 image in VS .NET applications. www.OnBarcode.comScan UPC-A Supplement 2 In C#.NET Using Barcode decoder for .NET framework Control to read, scan read, scan image in Visual Studio .NET applications. www.OnBarcode.comChoosing Among Automatic Enrollment Methods
Autoenrollment lowers the cost of a PKI by reducing the time and effort required to deploy certificates. Table 12-2 shows the automatic enrollment methods available for common deployment scenarios. Part II: Establishing a PKI
Table 12-2 Automatic Enrollment Methods
ACRS V1 template: Yes V2 template: No V1 template: No V2 template: No V1 template: Yes V2 template: No Autoenrollment Settings V1 template: No V2 template: Yes V1 template: No V2 template: Yes V1 template: No V2 template: Yes Scripting V1 template: Yes V2 template: Yes V1 template: Yes V2 template: Yes V1 template: Yes V2 template: Yes Enrollment Method Automatic deployment of certificates to computers Automatic deployment of certificates to users Automatic renewal of expired certificates Publishing Certificate Templates for Enrollment
Before enrolling a certificate manually, automatically, or through a scripting method, you must ensure that the certificate templates are available for enrollment at a CA. This process is known as publishing the certificate template at the CA. The following procedure publishes a certificate template: 1. Log on at the CA computer as a user assigned the CA administrator role. 2. From Administrative Tools, open the Certification Authority console. 3. In the console tree, expand CAName (where CAName is the logical name of the CA) and click Certificate Templates. 4. In the console tree, right-click Certificate Templates, point to New and click Certificate Template to Issue. 5. In the Enable Certificate Templates dialog box, select one or more certificate templates not currently published at the CA and click OK. Note Version 2 certificate templates are only available if the enterprise CA is running Windows Server 2003, Enterprise Edition, or Windows Server 2003, Data Center Edition. If the enterprise CA is running Windows Server 2003, Standard Edition, the Enable Certificate Templates dialog box only displays the available version 1 certificate templates. Once you add the certificates, they are available for enrollment. The list of published certificate templates is defined on a CA-by-CA basis, allowing the availability of different certificate templates at each enterprise CA in the CA hierarchy. 12: Deploying Certificates
If you want to remove a certificate template, select the certificate template or templates in the details pane and press Delete. After confirming the deletion, the certificate templates are no longer available for enrollment. Scripting the Publishing of Certificate Templates
Alternatively, you can use the certutil command to add or remove certificate templates from a CA. For example, the following script sample removes the default certificate templates and publishes only the Basic Encrypting File System (EFS), CA Exchange, EFS Recovery Agent, and Key Recovery Agent certificate templates: ::Remove certutil certutil certutil certutil certutil certutil certutil certutil certutil certutil the default templates for a W2K3 CA. -SetCAtemplates -Administrator -SetCAtemplates -DirectoryEmailReplication -SetCAtemplates -DomainControllerAuthentication -SetCAtemplates -EFSRecovery -SetCAtemplates -EFS -SetCAtemplates -DomainController -SetCAtemplates -WebServer -SetCAtemplates -Machine -SetCAtemplates -User -SetCAtemplates SubCA :Publish the required certificate templates certutil certutil certutil certutil -SetCAtemplates -setCAtemplates -setCAtemplates -setCAtemplates +EFS +KeyRecoveryAgent +EFSRecovery +CAExchange As shown here, the certutil setCAtemplates command can either add templates (+Template name) or remove templates (-Template name). You can use this command in a batch file to define the exact set of certificate templates that must be published at a specific CA.
|
|