Hi!

Currently we are using FIM2010 R2 for smartcard management, but would like to use it for software certificates as well:

Current smart card enrollment workflow is as follows:

Self service enabled: false

Enrollment agent enabled: true

Number of approvals: 1

and everything works as expected - smartcard is enrolled with target user's Subject and SAN and is assigned to correct user.

I wanted to use similar workflow with same settings specified above for enrolling software certificates, bet the thing is:

Enrolled certificate is assigned to target user ,but it is enrolled with enrollment agent's Subject and SAN.

How can I get software certificate enrollment working like it does with smart cards(i.e. certificate contains target user's Subject and SAN instead of enrollment agent's)?

regards,

Arnis

Hi,

it seems for smart cards you issue the cards through a enrollment agent, e.g. the facility security requests the certificate and is printing a badge on the smart card and then they hand out the card to the user.

For software certificates you can just allow the user to enroll the certificate without an enrollment agent.

Hope that helps,

Lutz

On Wed, 8 Jan 2014 09:51:03 +0000, arnis_g wrote:

I wanted to use similar workflow with same settings specified above for enrolling software certificates, bet the thing is:

Enrolled certificate is assigned to target user ,but it is enrolled with enrollment agent's Subject and SAN.

How can I get software certificate enrollment working like it does with smart cards(i.e. certificate contains target user's Subject and SAN instead of enrollment agent's)?

You need to make sure that the certificate template is configured to
require 1 signature with an Application policy of Certificate Request

On Thu, 9 Jan 2014 09:59:53 +0000, arnis_g wrote:

Thanks Paul, it works!

Glad to help. Would you mark my post as an answer? I don't care about the
points but it may help someone else who comes along later with the same
que