

ENC and Uniform Resource Identifiers

ENC Authorization uses Uniform Resource Identifiers (URIs) for its internal database. An ENC URI has the following format:

x509cert://[TLS-SCHANNEL]/CN=forward,OU=computers,DC=forward,DC=com

x509cert

Indicates the namespace. The namespace x509cert means that the URI represents an X.509 certificate identity.

[TLS-SCHANNEL]

Specifies the authority embedded in the URI. This special authority name indicates that authentication is delegated to the TLS SCHANNEL security provider and the WinTrust provider. These providers manage certificate trust on ENC's behalf.

CN=forward,OU=computers,DC=forward,DC=dom

Defines the X.500 subject name as embedded in the certificate. The actual format and content of this name are provider-specific. The above example is from a certificate created by Microsoft Active Directory-integrated Certificate Services. Other PKIs, and certificates created manually, may use different naming conventions.

To find out a computer's URI, you can use the encUtilCmd utility. Executing "encUtilCmd certv" shows the certificate identities that the machine uses for ENC authentication, both as a client and, where applicable, as a server.

Example: encutilcmd certv command

C:\>encutilcmd certv
INFO: Current process user is a member of local administrators group.
INFO: Created and validated client side TLS context OK.
URI: x509cert://[TLS-SCHANNEL]/CN=mach-02,CN=encserver,O=enc
INFO: Created and validated server side TLS context OK.
URI: x509cert://[TLS-SCHANNEL]/CN=mach-02,CN=encserver,O=enc
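As an added example (not part of the ENC product or its documentation), the following Python code parses the URI layout described above (namespace, bracketed authority, X.500 subject) and extracts the URI lines from "encutilcmd certv" output such as the session shown. The function names are assumptions, and the sample output is constructed from the page's example.

```python
import re
from dataclasses import dataclass

# Added example, not ENC product code. Matches: x509cert://[AUTHORITY]/RDN,RDN,...
URI_RE = re.compile(r"^(?P<ns>[A-Za-z0-9]+)://\[(?P<authority>[^\]]+)\]/(?P<subject>.+)$")


@dataclass
class EncUri:
    namespace: str
    authority: str
    rdns: list  # (type, value) pairs in the order they appear in the subject


def split_rdns(subject):
    """Split an X.500 subject on unescaped commas; a backslash escapes the next char."""
    parts, buf, esc = [], [], False
    for ch in subject:
        if esc:
            buf.append(ch)
            esc = False
        elif ch == "\\":
            esc = True
        elif ch == ",":
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    if esc:
        raise ValueError("dangling escape at end of subject")
    parts.append("".join(buf))
    rdns = []
    for part in parts:
        rdn_type, sep, value = part.partition("=")
        if not sep or not rdn_type.strip() or not value:
            raise ValueError(f"malformed RDN: {part!r}")
        rdns.append((rdn_type.strip(), value))
    return rdns


def parse_enc_uri(uri):
    """Parse one ENC URI; reject anything outside the x509cert namespace."""
    m = URI_RE.match(uri.strip())
    if not m:
        raise ValueError(f"not an ENC URI: {uri!r}")
    if m["ns"].lower() != "x509cert":
        raise ValueError(f"unsupported namespace: {m['ns']!r}")
    return EncUri(m["ns"], m["authority"], split_rdns(m["subject"]))


def is_valid_enc_uri(uri):
    try:
        parse_enc_uri(uri)
        return True
    except ValueError:
        return False


def uris_from_certv_output(text):
    """Return the parsed URIs from the 'URI: ...' lines of encutilcmd certv output."""
    return [parse_enc_uri(line.split("URI:", 1)[1])
            for line in text.splitlines() if line.startswith("URI:")]


# Constructed sample, modelled on the session shown on this page.
SAMPLE_CERTV = """INFO: Current process user is a member of local administrators group.
INFO: Created and validated client side TLS context OK.
URI: x509cert://[TLS-SCHANNEL]/CN=mach-02,CN=encserver,O=enc
INFO: Created and validated server side TLS context OK.
URI: x509cert://[TLS-SCHANNEL]/CN=mach-02,CN=encserver,O=enc
"""
```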