Re: Requesting certificate from CA server : problem

stokefan@xxxxxxxxx wrote in
news:1155311622.630920.4250@xxxxxxxxxxxxxxxxxxxxxxxxxxxx:

hi all,

When trying to request a certificate from my IAS server, I get an error
message which says :

"There are no trusted Certification Authorities (CAs) available; You do
not have permissions to request certificates from the available CAs; or
The available CAs issue certificates for which you do not have
permissions"

Can anyone advise as to why please?

thanks.



Is the CA an Enterprise Trusted Root CA?

Is the IAS server a domain member server?

If the answer to both questions is yes, you should be able to resolve part
of the problem by updating group policy on the IAS server. This will place
the CA certificate in the Trusted Root Certification Authorities
certificate store for both the Current User and the Local Computer. After
that occurs, the IAS server will trust the CA. Also verify that the IAS
server is registered in AD and is a member of the RAS and IAS servers group
there.

The second part of the problem is having the CA enroll a properly
configured server certificate to the IAS server. The best way to do this is
to autoenroll these certs to members of the RAS and IAS servers group. That
way if you ever install another IAS server, it will automatically get the
correct cert after it is registered in AD.

To autoenroll a cert, you need to follow these general steps:

-- Open Certificate Templates
-- Use the table in the Help topic "Network access authentication and
certificates" to determine the correct certificate template to use, then in
the Cert Templates MMC snap-in, duplicate/copy the template.
-- Configure the template according to the minimum server certificate
requirements in the aforementioned Help topic
-- Configure the template to autoenroll certificates.
-- Refresh group policy on the IAS server; it will then receive a server
certificate from the CA that can be used for both Server Authentication and
Client Authentication.

See the Help topic "Network access authentication and certificates" in
Windows Server 2003 IAS or VPN Help, or on the web at
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/Serv
erHelp/9d8b61c9-a870-4627-a8f2-148625fd7fba.mspx.



--
James McIllece, Microsoft

Please do not send email directly to this alias. This is my online account
name for newsgroup participation only.

This posting is provided "AS IS" with no warranties, and confers no rights.
.

Relevant Pages

  • Re: IAS certificate needs reloaded on DC every day
    ... This is the first thing I've seen or read that says the certificate for the ... IAS server needs to use the RAS and IAS template for setting up the wireless ... Using Group Policy, I opened the Default Domain Controller OU, then edit ...
    (microsoft.public.internet.radius)
  • Re: PKI: Issue Computer Certificate
    ... Server" certificate template and changed only the security settings so ... The IAS Server is a member of the mentioned group. ... Web Enrollment Page ("create an submit request to this ca") on the IAS ...
    (microsoft.public.windows.server.security)
  • Re: Certificate on Junipers Steel Belted Radius Server
    ... Am I sunk to issue the certificate I ... Templates folder to add a template but I don't any templates that I want ... If the computer is a domain member, you are not sunk. ... Use the wizard to request and install the RAS and IAS Server ...
    (microsoft.public.windows.server.security)
  • Re: 802.1x Authentication
    ... so I think IAS server do not have a certificate. ... If I can not use MD5 because w2k/xp supplicant do not support it neither ... what EAP type must I select when I check "Using 802.1x" on the ...
    (microsoft.public.internet.radius)
  • Re: 802.1x Authentication
    ... so I think IAS server do not have a certificate. ... If I can not use MD5 because w2k/xp supplicant do not support it neither ... what EAP type must I select when I check "Using 802.1x" on the ...
    (microsoft.public.internet.radius)