This content has been marked as final. Show 3 replies
if your public certs are not in a PKI then you have to do it the way you discovered - when we designed it, we kind of assumed anyone with a PKI would have their public keys in an LDAP or AD store (so other people could get to them etc).
where did you export it from? If it was a LDAP server, just use the LDAP connector to import and provision the users?
I know there's some talk of a new token which will allow your users to register their public key off their smart card on their machine themselves, you may want to discuss this with your account manager, but as I say, it does not exist yet.
Ok, what we did is this. We used a software, i think ActiveSync, to export the public key... then manually imported it into AD.
We have a software that will auto import this info into AD but its still in the works. This will be a non-issue in the next year or two but for now, we have a lot of folks that need to have their public keys imported and tied to their AD user names.
didnt know if there was an easier way to do this rather than ... Insert PIV Card, open Software, Export Public Key, Manually import Public Key into AD profile of a user.
I find it really strange that you've gone to all the effort to issue certs with smart cards, but don't have a public key server? Do you not use PKI to exchange data between users? I guess not if there's no way to look up someone's public key?