Getting FIM CM to inventory all certificate requests made outside of the FIM CM Portal

There's a neat policy module plug-in called "Support for non-FIM CM certificate requests" that's available in the latest version of FIM CM 2010 R2 SP1.

After adding this plug-in as a custom policy module on the CA, you need to do the following:

  • put in the SQL connection string (should already be present in the FIM CM Exit module if your FIM CM is already set up and working)
  • tick the certificate templates that you want the template to be applied to
  • define a Profile Template that you want to use for this and specify it in the Profile Template section above

After this you should see all autoenrollment or manual enrollments that go through that CA show up in the FIM CM database, even if they aren't passing through the FIM CM Portal.

The limitation, of course, is that this is for reporting and informational purposes only. Because FIM isn't making the requests on behalf of the users in this case, no private keys are handled by FIM when enrollment is done outside the FIM CM Portal, so you won't be able to do certificate recovery via FIM either.