What is the difference between enroll SSL via mmc and IIS?

Question

I would like to know what is the difference between enroll SSL via MMC (Microsoft Management Console) and IIS?

score 0 · Answer 1 · answered Nov 20 '17 at 09:04

0

Enrolling via IIS requests a certificate with the Webserver template. This has a 2 year lifespan by default.

Enrolling with the MMC allows you to choose any of the templates published by ADCS. If you choose the Webserver template, the resulting certificate will be the same as if you'd used IIS to enrol; although you do get more options with the MMC, so this may not be strictly true if you start tweaking those options.

The option to enrol from IIS is for convenience. I believe Exchange has a similar option.

answered Nov 20 '17 at 09:04

garethTheRed

4,539
14
22

The issue with enrolling with IIS is that the private key may land in the user profile while the certificate and public key land in the local machine. Then you will have to run certutil -repairstore or something like that to reassociate them. I always recommend to use MMC over IIS for this reason alone. – milope Nov 20 '17 at 15:55

What is the difference between enroll SSL via mmc and IIS?

1 Answers1