Guest Ferg Posted April 7, 2009 Posted April 7, 2009 Additional post - is in General Discussion, but latterly found this NG Hey folks, I wonder what's the best way to go about creating certficates (from a Win2003 CA) for non-domain devices - Wyse terminals and printers? I guess I can create them from a WinXP client and import the pfx file onto the device, but would it need any more than that - a custom template or so? Cheers, Ferg. Quote
Guest Brian Komar \(MVP\) Posted April 7, 2009 Posted April 7, 2009 What do you plan to do with the certificate? You need to provide way more details. Brian "Ferg" <Ferg@discussions.microsoft.com> wrote in message news:48886303-524E-4177-821B-1BFAC48C3CD8@microsoft.com...<span style="color:blue"> > Additional post - is in General Discussion, but latterly found this > NG > Hey folks, > > I wonder what's the best way to go about creating certficates (from a > Win2003 CA) for non-domain devices - Wyse terminals and printers? > > I guess I can create them from a WinXP client and import the pfx file onto > the device, but would it need any more than that - a custom template or > so? > > Cheers, > > Ferg. > </span> Quote
Guest Ferg Posted April 7, 2009 Posted April 7, 2009 Thanks for the reply Brian, Network has 802.1x so we need to have certs for authentication on the network. The workstations are enrolled automatically but these other devices that can't create the certs themselves must have them created for them. I would imagine we can use the Workstation template, but I've not worked out how to create one of these manually (it doesn't show up from the drop-down list when I select "Advanced Certificate Request". Ferg. "Brian Komar (MVP)" wrote: <span style="color:blue"> > What do you plan to do with the certificate? > You need to provide way more details. > Brian > > "Ferg" <Ferg@discussions.microsoft.com> wrote in message > news:48886303-524E-4177-821B-1BFAC48C3CD8@microsoft.com...<span style="color:green"> > > Additional post - is in General Discussion, but latterly found this > > NG > > Hey folks, > > > > I wonder what's the best way to go about creating certficates (from a > > Win2003 CA) for non-domain devices - Wyse terminals and printers? > > > > I guess I can create them from a WinXP client and import the pfx file onto > > the device, but would it need any more than that - a custom template or > > so? > > > > Cheers, > > > > Ferg. > > </span> > > </span> Quote
Guest S. Pidgorny Posted April 8, 2009 Posted April 8, 2009 Depending on the OS - Wyse alone has (or had) devices running Windows XP embedded, Windows CE and ThinOS, a BSD-based OS. Usually vendors provide details as to installing a certificate. In most cases, you can start with a PFX file containing the key and the certificate. _S Ferg wrote:<span style="color:blue"> > Thanks for the reply Brian, > > Network has 802.1x so we need to have certs for authentication on the > network. The workstations are enrolled automatically but these other devices > that can't create the certs themselves must have them created for them. > > I would imagine we can use the Workstation template, but I've not worked out > how to create one of these manually (it doesn't show up from the drop-down > list when I select "Advanced Certificate Request". > > Ferg.</span> Quote
Guest Ferg Posted April 8, 2009 Posted April 8, 2009 I think I maybe wasn't clear in my 1st post. Likely because of my lack of exposure to this stuff. I've found the certreq tool which seems to do what I want (create a non-user or web server certificate and export it onto a device). It's a right pain in the @ss though. Not sure why they don't put any of the other certificate templates into the webserver/certsrv web page. Would be sooooo much easier! :-) F. "S. Pidgorny" wrote: <span style="color:blue"> > Depending on the OS - Wyse alone has (or had) devices running Windows XP > embedded, Windows CE and ThinOS, a BSD-based OS. > > Usually vendors provide details as to installing a certificate. In most > cases, you can start with a PFX file containing the key and the certificate. > > _S > > > Ferg wrote:<span style="color:green"> > > Thanks for the reply Brian, > > > > Network has 802.1x so we need to have certs for authentication on the > > network. The workstations are enrolled automatically but these other devices > > that can't create the certs themselves must have them created for them. > > > > I would imagine we can use the Workstation template, but I've not worked out > > how to create one of these manually (it doesn't show up from the drop-down > > list when I select "Advanced Certificate Request". > > > > Ferg.</span> > </span> Quote
Guest Ferg Posted April 8, 2009 Posted April 8, 2009 Yeah but I (a user) am trying to create a wks cert. I can do it for a web server, why not a wks? :-) Anyway, I'm a bit closer now and heading in the right direction. Thanks guys. F. "Brian Komar (MVP)" wrote: <span style="color:blue"> > They are not domain members. If I remember correctly, you need to request > user certificates for the device. > You also have to decide whether to request one certificate per, or to > implement a common certificate that is burned into the image of the > terminal. > In either case, you need to save the certifciate and key pair in to the > permanent RAM of the system. > It will not appear in the Web page as you are connecting as a user and the > workstation auth is a computer certificate only for computers with accounts > in AD. > BRian > > "Ferg" <Ferg@discussions.microsoft.com> wrote in message > news:0D1BFCA2-6BDB-4D6D-BFCB-6BE2AC03A41E@microsoft.com...<span style="color:green"> > > Thanks for the reply Brian, > > > > Network has 802.1x so we need to have certs for authentication on the > > network. The workstations are enrolled automatically but these other > > devices > > that can't create the certs themselves must have them created for them. > > > > I would imagine we can use the Workstation template, but I've not worked > > out > > how to create one of these manually (it doesn't show up from the drop-down > > list when I select "Advanced Certificate Request". > > > > Ferg. > > > > "Brian Komar (MVP)" wrote: > ><span style="color:darkred"> > >> What do you plan to do with the certificate? > >> You need to provide way more details. > >> Brian > >> > >> "Ferg" <Ferg@discussions.microsoft.com> wrote in message > >> news:48886303-524E-4177-821B-1BFAC48C3CD8@microsoft.com... > >> > Additional post - is in General Discussion, but latterly found > >> > this > >> > NG > >> > Hey folks, > >> > > >> > I wonder what's the best way to go about creating certficates (from a > >> > Win2003 CA) for non-domain devices - Wyse terminals and printers? > >> > > >> > I guess I can create them from a WinXP client and import the pfx file > >> > onto > >> > the device, but would it need any more than that - a custom template or > >> > so? > >> > > >> > Cheers, > >> > > >> > Ferg. > >> > > >> > >> </span></span> > > </span> Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.