I need to request a certificate for a computer which is not a domain member. The certificate is needed for L2TP VPN.
When I run certreq -new based on an inf file, I got an error that the template is not found. (Template not found. Do you wish to continue anyway?)
Where should I run "certreq -new req.inf req.req"? On the issuing CA or the non-domain computer?
I've used "Prepare certificate request template" and "Create a request file to use with an Enterprise CA" from SCENARIO 2. I have a two-tier PKI (offline root CA and Enterprise issuing subordinate CA).
Awesome post and flow chart - thanks!
After a bit more experimentation I was able to get it using this:
$ip = [Convert]::ToBase64String(([System.Net.IPAddress] "10.0.1.2").GetAddressBytes())
(New-Object -ComObject X509Enrollment.CAlternativeName).InitializeFromRawData(8, 0x1, $ip)
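The snippet in the comment above produces a single IP address name. As an added example (not part of the original comments or the article), the sketch below carries it through to a complete Subject Alternative Name extension holding DNS and IPv4/IPv6 entries, with input validation. The function name New-SanExtension and the sample names and addresses are constructed for illustration.

```powershell
# Added example, Windows only: uses the CertEnroll COM API.
# Values from the CertEnroll AlternativeNameType and EncodingType enumerations.
$XCN_CERT_ALT_NAME_DNS_NAME   = 3
$XCN_CERT_ALT_NAME_IP_ADDRESS = 8
$XCN_CRYPT_STRING_BASE64      = 0x1

# Hypothetical helper: builds one SAN extension from DNS names and IP addresses.
function New-SanExtension {
    param(
        [string[]]$DnsName   = @(),
        [string[]]$IpAddress = @()
    )
    $names = New-Object -ComObject X509Enrollment.CAlternativeNames

    foreach ($dns in $DnsName) {
        $alt = New-Object -ComObject X509Enrollment.CAlternativeName
        $alt.InitializeFromString($XCN_CERT_ALT_NAME_DNS_NAME, $dns)
        $names.Add($alt)
    }

    foreach ($ip in $IpAddress) {
        # Reject malformed input here instead of sending a bad request to the CA.
        # Note: TryParse also accepts short forms such as "10.1" (parsed as 10.0.0.1),
        # so pass fully written addresses.
        $parsed = $null
        if (-not [System.Net.IPAddress]::TryParse($ip, [ref]$parsed)) {
            throw "Not a valid IP address: $ip"
        }
        # The raw value is the address bytes in network order:
        # 4 bytes for IPv4, 16 bytes for IPv6, passed to CertEnroll as Base64.
        $b64 = [Convert]::ToBase64String($parsed.GetAddressBytes())
        $alt = New-Object -ComObject X509Enrollment.CAlternativeName
        $alt.InitializeFromRawData($XCN_CERT_ALT_NAME_IP_ADDRESS, $XCN_CRYPT_STRING_BASE64, $b64)
        $names.Add($alt)
    }

    # Encode the collected names into the SAN extension.
    $ext = New-Object -ComObject X509Enrollment.CX509ExtensionAlternativeNames
    $ext.InitializeEncode($names)
    return $ext
}

# Constructed sample values.
$san = New-SanExtension -DnsName 'vpn.example.test' -IpAddress '10.0.1.2', 'fd00::2'
```

The returned extension object can be added to the X509Extensions collection of a CX509CertificateRequestPkcs10 request before it is encoded.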
I stumbled upon your article while researching how to create an alternative name that is an IP address using the CertEnroll API. From the MSDN documentation:
Here's what I've got:
(New-Object -ComObject X509Enrollment.CAlternativeName).InitializeFromRawData(8, 0x1, $rawData)
What I'm having trouble with is $rawData... I'm not sure how to convert "10.0.1.2" to "A BSTR variable that contains the DER-encoded data." as the documentation says...
Can you help?
> If a client has certificate, on smart card used for logon, signed by SubCa revoked certificate, and he tries to log on and has old (cached) CRL, does that mean it will be able to log on?
Possibly yes. If a client is Windows Vista or newer, then it will attempt to check if the CA server has issued a new CRL prior to the planned publication date. This really depends on several factors. For more information please check this article:
© 2008 - 2021 - Sysadmins LV. All rights reserved