Security around automated certificate management/request
01-26-2024 11:37 AM
Looking for information regarding the security requirements for implementing automated certificate management, particularly the permissions required for the account used in the automated certificate request workflow:
The Microsoft Gateway user needs the following permissions:
- CredSSP needs to be configured on the CA and MID Server.
- The User should be part of Enterprise Admins.
- The User should be in the Security Group of the Template used.
- The User should have Read, Issue and Manage Certificates, Manage CA, and Request Certificates Permission in the CA.
We are most concerned with the first two bullet points (especially the second). Granting these permissions, especially Enterprise Admins, is not something I would expect to fly in most organizations. Has anyone managed to implement this with a more fine-grained set of permissions? Any help or guidance would be greatly appreciated on this subject!