CA - Certificate Authority for Authentication?

Can a CA be used to authenticate remote users?
Specifically, can a user be set up to have / use a certificate in order to
gain access to a remote network?

My understanding is that you could use a corporate CA to generate a
certificate, and use the certificate as part of a Token / Smart Card / other
form of authentication.

If this is possible, can someone point me to some site that will give more
information / or outline the procedure?

I've been told that it can be done, and that it can't be done (CA's aren't
used for this kind of purpose)... I think it can be - but want to know for
sure.

Thanks in advance!
Mike H.

Hi,

Yes, you can use CA to deploy user certificate in combination with e.g.
smart cards and then only allow (remote) logons to server using these smart
cards...

Here are some white papers on how to set up CA server

Here are some articles on how to set up Microsoft CA and how to deploy
certificates to users.

Best Practices for Implementing a Microsoft Windows Server2003 Public Key
Infrastructure
http://www.microsoft.com/technet/pro.../ws3pkibp.mspx

Implementing and Administering Certificate Templates in Windows Server 2003
http://www.microsoft.com/technet/pro.../ws03crtm.mspx

PKI Enhancements in Windows XP Professional and Windows Server 2003
http://www.microsoft.com/technet/pro...an/pkienh.mspx

Windows Server 2003 PKI Operations Guide
http://www.microsoft.com/technet/pro.../ws03pkog.mspx

Managing a Windows Server 2003 Public Key Infrastructure
http://www.microsoft.com/technet/pro...ty/mngpki.mspx

Advanced Certificate Enrollment and Management
http://www.microsoft.com/technet/pro...y/advcert.mspx

You can use Smart Card for remote logons to domain, terminal servers, VPN,
web servers, etc.
You can also use certificates stored on local hard drive to logon to web
servers.

I hope this helps you out. Feel free to post back with any additional
questions.

--
Mike
Microsoft MVP - Windows Security

"'puter-rooter" <(E-Mail Removed)> wrote in message
news:CD760703-17DB-4E6A-A6E0-(E-Mail Removed)...
> Can a CA be used to authenticate remote users?
> Specifically, can a user be set up to have / use a certificate in order to
> gain access to a remote network?
>
> My understanding is that you could use a corporate CA to generate a
> certificate, and use the certificate as part of a Token / Smart Card /
> other
> form of authentication.
>
> If this is possible, can someone point me to some site that will give more
> information / or outline the procedure?
>
> I've been told that it can be done, and that it can't be done (CA's aren't
> used for this kind of purpose)... I think it can be - but want to know for
> sure.
>
> Thanks in advance!
> Mike H.

Thanks Miha! That's excellent!


"Miha Pihler [MVP]" wrote:

> Hi,
>
> Yes, you can use CA to deploy user certificate in combination with e.g.
> smart cards and then only allow (remote) logons to server using these smart
> cards...
>
> Here are some white papers on how to set up CA server
>
> Here are some articles on how to set up Microsoft CA and how to deploy
> certificates to users.
>
> Best Practices for Implementing a Microsoft Windows Server2003 Public Key
> Infrastructure
> http://www.microsoft.com/technet/pro.../ws3pkibp.mspx
>
> Implementing and Administering Certificate Templates in Windows Server 2003
> http://www.microsoft.com/technet/pro.../ws03crtm.mspx
>
> PKI Enhancements in Windows XP Professional and Windows Server 2003
> http://www.microsoft.com/technet/pro...an/pkienh.mspx
>
> Windows Server 2003 PKI Operations Guide
> http://www.microsoft.com/technet/pro.../ws03pkog.mspx
>
> Managing a Windows Server 2003 Public Key Infrastructure
> http://www.microsoft.com/technet/pro...ty/mngpki.mspx
>
> Advanced Certificate Enrollment and Management
> http://www.microsoft.com/technet/pro...y/advcert.mspx
>
> You can use Smart Card for remote logons to domain, terminal servers, VPN,
> web servers, etc.
> You can also use certificates stored on local hard drive to logon to web
> servers.
>
> I hope this helps you out. Feel free to post back with any additional
> questions.
>
> --
> Mike
> Microsoft MVP - Windows Security
>
> "'puter-rooter" <(E-Mail Removed)> wrote in message
> news:CD760703-17DB-4E6A-A6E0-(E-Mail Removed)...
> > Can a CA be used to authenticate remote users?
> > Specifically, can a user be set up to have / use a certificate in order to
> > gain access to a remote network?
> >
> > My understanding is that you could use a corporate CA to generate a
> > certificate, and use the certificate as part of a Token / Smart Card /
> > other
> > form of authentication.
> >
> > If this is possible, can someone point me to some site that will give more
> > information / or outline the procedure?
> >
> > I've been told that it can be done, and that it can't be done (CA's aren't
> > used for this kind of purpose)... I think it can be - but want to know for
> > sure.
> >
> > Thanks in advance!
> > Mike H.
>
>
>