The third article by Eric Siron in a series about how to build a fully-functional two-tier PKI environment. This article to show you how to perform the most common day-to-day operations: requesting certificates from a Windows Certification Authority.
I want you to focus on the issuance portion. You do not need to know in-depth details unless you intend to become a security expert. However, you do need to understand that certificate issuance follows a process. Sometimes, an issuer might automate that process. You
The article then dives into:
- The PKI Certificate Request and Issuance Process
- Auto-Enroll Method
- MMC Enrollment Procedure
- Handling Certificate Signing Requests from a Linux System on a Microsoft Certification Authority
- Deprecated Web Enrollment Method
- Alternative Request Methods
In your own environment, you can utilize varying levels of automation. More automation means more convenience, but also greater chances for abuse. Less automation requires greater user and administrative effort but might increase security. Good read!
[Read More]