Answer the question
In order to leave comments, you need to log in
How to automate the creation of pfx certificates?
There was a task to automate the process of creating pfx user certificates from ad. At the moment, handles, a lot of time is spent through the snap-in (Personal - Certificate (RMB) - All Task - Advanced Operations - Enroll On Behalf Of .. Next - Next - Browse, etc.
As I understand it, this is digging towards powershell ...
Ps Google brought to this article club.directum.ru/post/791
The link provided without an ssl certificate, if anything
Answer the question
In order to leave comments, you need to log in
Automating the issuance of mail certificates is the right and natural thing to do. But here it is necessary to take into account the following - before starting mass implementation:
- the admin / IB-shnik should always have a copy of the user's mail certificates (I already have three of them - and they are all stored in different places). Because the mail is stored (that is, it lies on the server in this form) in encrypted form, and if the key is lost, it turns into a pumpkin. Absolutely no chance of recovery
- the issue of mail certificates, respectively, should be organized so that .p12 is created manually by the administrator, so that it is possible to transfer certificates from computer to computer, because issuing a certificate on a local computer places the certificate key (perhaps I did not check!) In the local store immediately, without a chance to extract it from there and any rearrangement of Windows turns mail into a pumpkin.
- certificates are issued for a year, they need to be reissued in a timely manner. If you plan to use external mail readers with certificates (such as MailDroid), you must have an available and valid CRL, for example, decryption in MailDroid may not work without it.
- perhaps there is such a way to do it entirely on Windows, but I do not know it. I used to use a windows CA and it was really a pain to create a CSR on linux, paste it into the web interface of the CA service on windows, export the certificate to linux, build PKCS#12... For some time now I've been doing all this on linux.
UPD: Write, if f. Soap in profile. Postal certificates - what a topic.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question