Follow

What are the minimum rights required to setup an MSCA

Applies To:

Venafi Encryption Director 8.0 and above

Microsoft Windows 2003 and above

Summary:

Below are the required steps to set up the Microsoft CA Template object so VenafiTM Encryption Director can initiate and auto-enroll and new certificate and key generation requests with the Microsoft Certificate Services CA.

Minimum rights required to setup an MSCA:

  1. Create an Active Directory service account for Director to use when requesting certificates from Microsoft CA.
  2. Using the Certificate Authority MMC snap-in, right-click on the CA's name and select Properties.
  3. On the Security tab, grant the service account 'Read', 'Issue and Manage Certificates', and 'Request Certificates'.

    Screen_Shot_2014-05-30_at_10.33.53_AM.png


  4. Using the Certificate Templates MMC snap-in, right-click on a template that Director will request certificates from and select Properties.
  5. On the Security tab, grant the service account 'Read' and 'Enroll'.

    Screen_Shot_2014-05-30_at_10.36.28_AM.png


  6. Repeat this step for all templates that Director will be using.

 

 

Was this article helpful?
0 out of 0 found this helpful

Comments