Hello
We are looking at an Enterprise CA (Windows 2008 R2) within our environment to provide authentication certificates to remote users.
We will have an application server that generates a CSR on behalf of the user. The CA will then create the cert, sign it, and the app server will send the cert to the client.
I had a question in terms of where the certificates are held once they are generated. I understand that the certificate is sent to the remote user; however, does the CA also keep a copy of the cert in its local CA database? We also have the option to publish the cert to Active Directory, in which case we'll have a copy of the cert that was sent to the user, a copy of the cert in the CA database, and a copy of the cert in Active Directory (if we so wished)?