Re: cert authority

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: Dmitry Korolyov [MVP] (d__k_at_removethispart.mail.ru)
Date: 03/17/04 

Date: Wed, 17 Mar 2004 23:02:14 +0300

Open the certificates console for your user and check Trusted Root
Certification Authorities store. Is there a certificate of your Enterprise
Root CA? It should be, if your workstation is connected to the same forest
where CA is installed. If not, just install it manually or using GP. 

-- 
Dmitry Korolyov [d__k@removethispart.mail.ru]
MVP: Windows Server - Active Directory
  "Jeff Miller" <Jeff_Miller@kaplan.com> wrote in message 
news:OPDXAnFDEHA.2052@TK2MSFTNGP11.phx.gbl...
  Dmitry,
  I set this up in a w2k3 test env, followed teh white papers, raise the
  domain functional level to 2003 (not sure why but white papers said to, 
and
  the wireless worked like a charm, never prompted to trust cert.
  Now that I moved it into my 2k AD, it doesn't seem to trust the cert.  We
  want a wireless user to just have it authenticate their domain\user and 
pwd.
  Can you shed any light on this?
  Thanks again,
  Jeff
  "Dmitry Korolyov [MVP]" <d__k@removethispart.mail.ru> wrote in message
  news:eu63z5EDEHA.240@tk2msftngp13.phx.gbl...
  Place the root CA's cert in Truster Certification Authorities store on 
your
  client computer. This should automatically ensure trust to all downlevel
  certificates issued by this CA.
  -- 
  Dmitry Korolyov [d__k@removethispart.mail.ru]
  MVP: Windows Server - Active Directory
  "Jeff Miller" <Jeff_Miller@kaplan.com> wrote in message
  news:u9nvagEDEHA.2424@TK2MSFTNGP09.phx.gbl...
  We have a problem with wireless authentication.  I have a CA setup on a
  member server w2k3, IAS on another member server w2k3 (with a cert from 
the
  CA), in an active directory native mode 2000.  The access point is cisco.
  We can connect and authenticate properly, however it prompts us to ask if 
we
  trust the certificate.  If we don't click yes quickly, it will fail.
  Any ideas on how to automatically trust and verify the cert, or how to
  increase the timeout (now about 2 seconds).
  Thanks in advance

Relevant Pages

  • Re: Enterprise Subordinate CA signed by third party Commercial CA like Verisign/Thawte/etc
    ... we will need to have trust ... As far as standard versus enterprise, ... If the root CA is compromised your whole PKI ... > your certificates then it would make sense to use your own CA. ...
    (microsoft.public.windows.server.security)
  • Re: cert authority
    ... Any chance that you can explain the reason w2k3 white papers told me to ... automatically verified the cert, where now it can't verify it automatically. ... Open the certificates console for your user and check Trusted Root ... Now that I moved it into my 2k AD, it doesn't seem to trust the cert. ...
    (microsoft.public.win2000.active_directory)
  • Re: Automatic IE6 Selection of Client Certificate
    ... the certificates have the same root. ... >to automatically select the cert when only one cert is ... >> regards, ...
    (microsoft.public.platformsdk.security)
  • Re: adding CA certs
    ... and in fact I see it in the listed in the root ... Certificates, however, I think I need to have it added to ... my desktop, and go to our CA cert installation page, we ... can install from the browser. ...
    (microsoft.public.pocketpc)
  • Re: EAP-TLS CA Authentication issue
    ... enterprise CA you need to register it with the AD domain as a trusted root ... I have a 2003 IAS server running on a system with a 2003 standalone ... I have installed certificates on both the IAS server ... CA snapin and see the Cert in the local machine personal certs store ...
    (microsoft.public.internet.radius)