Finally I managed to do it after reading this Ms doc : https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj590165(v=ws.11)?redirectedfrom=MSDN#to-install-a-certificate-enrollment-policy-web-service-that-uses-certificate-authentication
Before using this command :
> Install-AdcsEnrollmentPolicyWebService -AuthenticationType Certificate -SSLCertThumbprint "xxxxxxxxxxxxxxxxxxxxxxxxx"
Execute this command:
> cd cert:\LocalMachine\My
Considering non-domain environments... When AIA is not configured, thus not avialable in certificates, then Root and Sub CA must be somehow available for CCE. The Root Cert should be installed in the Trusted Root Certification Authorities Certificate Store. But how about Subordinate CA/Intermediate CA certificate? I understand it must not be explicitly trusted, but must be available to CryptoAPI for CCE. Where to put it?
Thank Vadims for your quick answer!
Perhaps I didn't fully understand this article but there are screenshots about IIS console with two CEP Applications ("ADPolicyProvider_CEP_UsernamePassword" and "ADPolicyProvider_CEP_Certificate") for example this one.
It is correct: you cannot have multiple CEP (policy servers) instances on same server. Only multiple enrollment services (CES) are supported. And this blog post talks about CES, not CEP.
© 2008 - 2020 - Sysadmins LV. All rights reserved