Saturday, December 24, 2016

Configure Windows server to not enforce password for certificate enrollment

Please refer below link:

http://www.petenetlive.com/KB/Article/0000947

NDES Disable Password Requirement.

I've read a few blogs and articles that say;
"There is no way for Cisco devices to supply the required password to enroll with NDES/MSCEP, so you need to disable the requirement for a password."
This is NOT TRUE, however the whole point of issuing certificates via your PKI infrastructure, is that it can scale dramatically. If you are creating passwords and embedding those passwords in all your enrollments, it can get a little unwieldy. So it may be sensible to remove the password requirement.
1. Windows Key+R > regedit {Enter} > Navigate to;
HKEY_LOCAL_MACHINE > SOFTWARE > Microsoft > Cryptography > MSCEP > EnforcePassword > EnforcePassword
To disable change the value to 0 (zero).
Disable NDES Password Enforce
Below you can see the difference, with the password requirement enforced, and without.
Get NDES password
2. Restart the Certificate Services Service;
net stop certsvc net start certsvc
Restart Certificate Services

Tuesday, December 13, 2016

Windows server installation

Windows 2008 Enterprise CA NDES Installation with SCEP on Cisco Router: https://youtu.be/387OccoWDQQ

Automate certificate management for a local computer: https://youtu.be/0UXZ-6DEPsA

OCSP : http://www.vkernel.ro/blog/installing-and-configuring-a-microsoft-online-certificate-status-protocol-ocsp-responder

https://www.youtube.com/watch?v=TAwhvllLB34

https://www.youtube.com/watch?v=jRVCDsN3rf8


Use below URL to get the "enrollment challenge password" to be used during certificate request:

https://10.105.41.153/certsrv/mscep_admin/