The plan was to use our SQL Server (the only Enterprise-level server we have) to issue the root CA, publish it to Active Directory and use GPO to push the computer certificate to the workstations.
The plan _almost_ works... The workstation fails on auto-enrollment because it is sending out a request directly to the SQL server (root CA server) to register the certificate. (I see this via Wireshark.) The SQL server is behind a firewall and we really don't want to open any more ports. Is there a way (that I'm obviously missing) to push the certificates directly from AD (Server 2003 R2 STANDARD) so there is no required communication back to the root CA server? I'm wanting all the communication to come directly from the domain controller that is in the same network. Do I need to set up the DC as a subordinate CA?
