Control Certificate selection

-

this dual ca environment 1 ca retired. dual implementation due poor original ca2003 implementation , replaced new considered ca 2008 environment. the ca2003 provisioning for certificates was turned down 30 days ago. fine except 1 "user experience" problem

the original ca2003 user certificates , new ca2008 user certificates are able be used device/user verification mechanism vpn access (juniper) "user experience" issue the pop-up being presented in the browser window when authenticating, choice of using either certificate. prior delivery of user 2008 certificate, transparent. user not asked choice of certificates. question/conundrum.

i have thought of different options , none pretty. other than:

1. manual move of ca2003 user certificate trusted people store site support/help desk staff  or 

2. changing ca2003 user template not not renew with a very short lifespan, enable ca2003 new user template and force renewal of ca2003 user certificates or

3. convoluted powershell script interrogate the personal user store certificates ca2003 certificate template , initiate a transfer trusted people folder.

is there cleaner option can consider or pursue. my initial solution a. provide awareness b. fix sr mgmt , call service desk. c. let problem disappear ca2003 user certificates expire. solution has not made friends , tasked find better mousetrap. solutions/suggestions gladly accepted

once have multiple certificates in store, can't automatically select one, hence choice prompt.

you can define old user certificate template superseded new user certificate template; force old certificate removed , replaced. http://technet.microsoft.com/en-us/library/cc753044(v=ws.10).aspx

cheers

jj

jason jones | forefront mvp | silversands ltd | blogs: http://blog.msedge.org.uk , http://blog.msfirewall.org.uk


tried , discovered partial/minimal success. i think know the cause. if the certificate provisioned. template change has no impact existing provisioned provided certs. think i may need force renewal cause renewal. next step, here come

thanks, should have thought of this. provide update if solves.



Windows Server  >  Security



Comments

Post a Comment

Popular posts from this blog

Error: 0x80073701 when trying to add Print Services Role in Windows 2012 Standard

-
hello, i'm getting error when trying add print services role in windows 2012 standard. i'm getting same error whether use gui or powershell. this new server install. the powershell error follows: add-windowsfeature : request add or remove features on specified server failed. installation of 1 or more roles, role services, or features failed. the referenced assembly not found. error: 0x80073701 at line:1 char:1 + add-windowsfeature print-services + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~     + categoryinfo          : invalidoperation: (@{vhd=; credent...name=localhost}:psobject) [install-windowsfeature],     exception     + fullyqualifiederrorid : dismapi_error__failed_to_enable_updates,microsoft.windows.servermanager.commands.addwind    owsfeaturecommand success restart needed exit code      feature result ------- -------------- ---------      -------------- false   no             failed         {} issue appreciated. hi, i think should st
Read more

Disconnecting from a Windows Server 2012 R2 file sharing session on a Windows 7,8,10 machine

-
i've been trying disconnect server while , haven't been able to. there quick way this? i've used net session , net user , work sometime never consistent. can task? hi yrusad, thanks post. does work when check “computer management > system tools > shared folders > open files/sessions”. directly manage from gui. and based on knowledge, quick way mentioned net session /delete /y. mean never consistent? best regards, mary please remember mark replies answers if , unmark them if provide no help. if have feedback technet subscriber support, contact tnmff@microsoft.com . Windows Server  >  Windows Server 2012 General
Read more

Event ID 64,77,1008 Certificates Events Windows Server 2008, 2008R2

-
hi guys, i need event ids. event id 64 clear - expired certificate. problem computers have new certificate ca of them keep old one. can remove them certificate store on computers or should check before? event id 77 - 1 strange me. warning , in same time don't see suspicious: "windows default" policy module logged following warning: active directory connection <domain controller name> has been reestablished <domain controller name>. have 4 dcs. should check or ignore these messages. event id 1008 - "certificate services client: credential roaming not performed because number of tokens in local store has exceeded limit." - i've checked articles credential roaming i'm not sure should do. if give tips , answers, great. in advance. hi, event id 64 clear - expired certificate. problem computers have new certificate ca of them keep old one. can remove them certificate store on computers or should check before? i assume these
Read more