The Certificate Enrollment Policy Web Service and the Certificate Enrollment Web Service are made for non domain connected machines to retrieve certificates of various kinds.
When setting this up, I have a few configuration options:
- KeyBased Renewal (Authenticated with a prior certificate)
- Username Password (sent over SSL?)
- Kerberos
Question
What are some sample scenarios where I would use each option?
For option 1: do I need to have already issued certificates to devices?
For option 3: Do I need to expose a Domain Controller to the internet, I remember reading an advisory saying that Kerberos shouldn't be used on the Internet
What is the difference between the two services, and how are they used?
Aucun commentaire:
Enregistrer un commentaire