![]() ![]() Now about distributing the fingerprints via GPO - even if users are offline, is it not possible to "queue" the push until they are online? ![]() The whole point of the fingerprint being stored at the registry is so that the client will "remember" the decision to trust that certificate and won't keep pestering the user to approve the cert again or not.įrom that point, if a new certificate is presented to the client, it will NOT trust the certificate regardless if all its fields are legit - and the reason will be that the fingerprint is different than what it "remembers". ![]() That is indeed the answer I would have given out as well.Īs for the fact that the client cares about fingerprint only - that is true but only after the client has saved its first fingerprint to the registry.īut at the very first connection by the client when it is first installed, the registry is empty, and then it does consider factors such as Subject and Issuer. I've noticed that sk66263 was already suggested to Jorgen at the CheckMates thread. "My name is Gil, I will be assisting you throughout this ticket. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |