haroldpeters asked LimitlessTechnology-2700 answered

CES and CEP key based renewal – Subject Name formation


Hi,
According to the article here, it is required to have the certificate template setting “Supply in the request and Use subject information from existing certificates for autoenrollment renewal requests” in order to configure certificate key-based renewal via CEP and CES.



Is it possible to issue the initial certificate with the Subject name set via the “Build from this Active Directory information” setting and, for renewals, use key-based authentication?


The background to this question is, I have some technical user accounts (with Active Directory) where the initial certificate needs to be issued using AD information (Subject Name - Supply in the request is not an option here). Then these certificates will be exported out to some other non-domain joined machines where they will be used in some applications. So, the renewals need to happen in these non-domain joined machines.

Thanks


Tags: windows-10-security, windows-server-security

1 Answer

LimitlessTechnology-2700 answered

Hello @haroldpeters,

Configure the template for key-based renewal.

As a prerequisite, configure a CEP and CES server for username and password authentication. In this environment, we refer to the instance as "CEPCES01".

Configure another CEP and CES instance by using PowerShell for certificate-based authentication on the same server. The CES instance will use a service account.

In this environment, we refer to the instance as “CEPCES02”. The service account that’s used is ”cepcessvc”.

Configure client-side settings.

In order to execute the renewals within these non-domain-joined machines, do follow the link below:

https://docs.microsoft.com/en-us/windows-server/identity/solution-guides/certificate-enrollment-certificate-key-based-renewal

Hope this answers all your queries, if not please do repost back.
If an Answer is helpful, please click "Accept Answer" and upvote it : )
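
The second, certificate-authenticated instance described in the answer ("CEPCES02", running as "cepcessvc") can be installed as sketched below. This is an added example, not part of the original answer; the CA config string, the domain name and the thumbprint are placeholders to be replaced with your own values.

```powershell
# Added example: install a certificate-authenticated, renewal-only CEP/CES instance.
# All values in this first section are placeholders (assumptions), not taken from the thread,
# except the service account name "cepcessvc", which the answer uses.
$CAConfig      = 'CA01.example.test\example-CA01-CA'   # placeholder: <CA host>\<CA common name>
$SslThumbprint = '<SSL-CERT-THUMBPRINT>'               # placeholder: TLS cert already in the machine store
$ServiceAcct   = 'EXAMPLE\cepcessvc'                   # domain part is a placeholder

# Fail early if the TLS certificate is not present in the local machine store.
if (-not (Test-Path "Cert:\LocalMachine\My\$SslThumbprint")) {
    throw "TLS certificate $SslThumbprint not found in Cert:\LocalMachine\My"
}

# Role services for the Enrollment Policy (CEP) and Enrollment (CES) web services.
Install-WindowsFeature ADCS-Enroll-Web-Pol, ADCS-Enroll-Web-Svc

# Prompt for the service account password instead of storing it in the script.
$SvcPassword = Read-Host "Password for $ServiceAcct" -AsSecureString

# CES: client-certificate authentication, running as the service account.
# -RenewalOnly restricts this instance to renewal requests, so initial enrollment
# stays on the username/password instance; -AllowKeyBasedRenewal lets a request
# signed with the existing certificate's key be accepted for renewal.
Install-AdcsEnrollmentWebService `
    -CAConfig $CAConfig `
    -SSLCertThumbprint $SslThumbprint `
    -AuthenticationType Certificate `
    -ServiceAccountName $ServiceAcct `
    -ServiceAccountPassword $SvcPassword `
    -RenewalOnly `
    -AllowKeyBasedRenewal

# CEP: client-certificate authentication with key-based renewal enabled.
Install-AdcsEnrollmentPolicyWebService `
    -AuthenticationType Certificate `
    -SSLCertThumbprint $SslThumbprint `
    -KeyBasedRenewal
```

Run it in an elevated session on the CEP/CES server; the template and client-side settings from the linked guide are still configured separately.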
