General discussion

Locked

PKI Certificate Problem

By Rabbit_Runner ·
Situatioin:
Large Windows 2000 domain, Exchange 2000, workstation XP : all patches and SPs applied.
All users are issued a AMART CARD which contains information for logging onto the network. Email address, PKI certificates, user account, user PIN, user company, etc.
This card is REQUIRED for logging onto the network, security is a prime priority.

Problem:
A user was assigned to us from a different company. This user has a card from the other company and it is used to logon to our network. The logon works perfectly and there is no problem. The issue is with the PKI certificates. Because the person came from a different company, they have a different email address.

We are unable to publish the user's certificates to the GAL in AD and Exchange. The reason is because of the different domain name in the SMART CARD.

The person, who, because of their work assignment, must maintain logons to both domain network (No trusts) This card is the only way that they will be able to accomplish their logins.

We need to be able to publish the PKI certificates to the GAL so the individual can send and receive secure message.

Can anyone help us out with this problem?

thanks in advance.

This conversation is currently closed to new comments.

2 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by HAL 9000 Moderator In reply to PKI Certificate Problem

You'll most likely have to establish a VPN into the other companies Domain to allow the PKI Certs to work correctly. Depending on Security this may or may not be possible but you certainly will not be able to pickup another companies E-Mail through your Exchange Server.

If you can not setup a VPN into the other company you'll most likely need to issue a Temp card with a new e-mail address for your local Domain and get the other company to forward on the e-mails concerned or redirect them to the temp e-mail address.

It all depends on what level of security is employed here as to what you can do but from your description I'm thinking that the latter option is your only alternative.

Col

Collapse -

Self Permissions

by chris.rapp.ctr In reply to PKI Certificate Problem

There is a way to ignore the email address via Group Policy on some smart cards. However, i am not sure where that is...it might requie the ADM template for Outlook.

You might also check the user's Self Permissions on their account. To publish to the GAL, the user must have "write personal information" privs.

Enjoy!

Chris Rapp

Back to Software Forum
2 total posts (Page 1 of 1)  

Related Discussions

Related Forums