

Server Self Enrollment

Using Active Directory Rights Management Services (AD RMS), you can enroll a server in the certificate hierarchy without sending information to Microsoft. This is called self enrollment. To enable this feature, AD RMS and RMS Client 1.0 SP2 install a server self enrollment certificate and a private key, and use them to create a server licensor certificate on your AD RMS server. The licensor certificate is chained into the certificate hierarchy, but no information is exchanged with Microsoft. The certificate is valid for the lifetime of your server and allows the server to generate licenses and certificates.

**Rights Management Services client 1.0 SP1 and Rights Management Services client 1.0:** To obtain a signed server licensor certificate, you must submit a clear text XrML enrollment request to Microsoft or to a company that has a chain of signed certificates leading back to Microsoft.

The following diagram shows how the self enrollment certificate and the server licensor certificate are introduced into the existing certificate hierarchy.

Server self enrollment certificate chain

See Also

About Active Directory Rights Management Services
Certificate Hierarchies
Licenses and Certificates


Build date: 3/13/2008