RE: Certificate Woes - Problem with CA

Hi Brian,

I can request the certificate just fine using IIS. The problem happens when
I submit the Certificate request to the certificate server. I select the 64
base encoded CMC or PKCS #10 certificate request, paste that contents of
certreq.txt in the appropriate box, when I try to select the Web server
template, I am never given that choice. I only have User and Basic EFS as
Template choices (and therefore, that is where I am stuck). I am not sure if
this helped... maybe we are thinking about different methods of submitting
the certificate request... please let me know (this problem is driving me
crazy...)
Thanks,

Allie

"Brian Delaney [MSFT]" wrote:

Hi Allie,

What is the error message that you receive when you attempt to request a
certificate through the IIS console?

Hope this helps,

Brian Delaney
Microsoft Canada
--

This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
Thread-Topic: Certificate Woes - Problem with CA
thread-index: Acb3jHJ+Cb2rGI4NRnObzHG/npl39g==
X-WBNR-Posting-Host: 209.77.80.2
From: =?Utf-8?B?QWxsaWU=?= <Allie@xxxxxxxxxxxxxxxxxxxxxxxxx>
References: <28B3664A-7FF5-4D09-A416-5DCDFEE5DBEA@xxxxxxxxxxxxx>
<Pj7tsiv9GHA.768@xxxxxxxxxxxxxxxxxxxxx>
Subject: RE: Certificate Woes - Problem with CA
Date: Tue, 24 Oct 2006 09:50:01 -0700

Hi Brian,

Thank you for responding! The template is published and the correct
permissions are set. Requesting the certificate through IIS console also
fails... Let me know if you have any other ideas.

Allie


"Brian Delaney [MSFT]" wrote:

Hi,

Is the Web Server template published on the CA? Go into the
Certification
Authority snap-in and ensure you can see the Web Server template under
Certificate Templates. If it is not in that list then the template has
not
been published. To publish right-click and go to New and then
Certificate
Template to Issue.

Also verify the correct permissions are on the template. In order to
enroll the user requesting the certificate needs Read and Enroll
permissions and then CA issuing the certificate must also have Read
permissions to get to the template.

If all else fails try requesting the certificate through the IIS console

Hope this helps,

Brian Delaney
Microsoft Canada
--

This posting is provided "AS IS" with no warranties, and confers no
rights.
--------------------
Thread-Topic: Certificate Woes - Problem with CA
thread-index: Acbsn9Q2E0m7BLQ2T9OavwZnjH3ggw==
X-WBNR-Posting-Host: 209.77.80.2
From: =?Utf-8?B?QWxsaWU=?= <Allie@xxxxxxxxxxxxxxxxxxxxxxxxx>
Subject: Certificate Woes - Problem with CA
Date: Tue, 10 Oct 2006 12:11:03 -0700

I am trying to Submit a Certificate Request for my new Exchange 2003
server.
I have already created the certificate request but when I try to get
the
pending request accepted by my CA, using the 'submit a certificate
request
using a base 64-encoded CMC or PKCS #10 file, or submit a ...' choice,
I
encounter the following problem: I only have User and Basic EFS as
choices
for Certificate Templates (I need to be able to select Web Server
instead).
When I go to the CA and select manage the templates, I can see the Web
Server
template just fine (the permissions seem correct). I even tried
duplicating
it, but can't get either the web server or New web server templates to
display in the Submit a Certificate Request or Renewal Request page. I
don't
see any errors in the event log of the CA either. The CA is running on
a
Windows 2003 Server (Std edition). Also, this process was working
until
about a month ago just fine... Nothing major has changed in the server
with
the exceptions of MS security patches being installed (and I don't
think
that
installing patches would have broken CA). Has anyone encountered this
problem or know of a solution? Thanks in advance.






.

Relevant Pages

  • Re: How to renew a certificate programmicaly
    ... Name 2 extension must contain a UPN entry, ... Please notice that the application> policy restriction is "Enrollment Agent" and that the "old certificate" does> not have this application policy. ... > I cannot see this template in the MMC snapin, I guess it is because it has> "X number of authotized signatures" and "Subject details supply in request". ...
    (microsoft.public.platformsdk.security)
  • Re: Problems requesting computer certificates on an issuing CA
    ... The exact permissions on my template are: ... I tried to manually enroll for a computer certificate based on ... CA allows the computers to request certificates. ...
    (microsoft.public.windows.server.security)
  • Re: Certificates for l2tp VPN
    ... "IPSec offline request" template, the certificate is in the Local ... canīt install the correct certificate to make it work. ...
    (microsoft.public.win2000.security)
  • Re: Problem processing SSL certificate response.
    ... "Download SSL Diagnostics 1.1 from Microsoft.com and use it to diagnose ... Note that I am able to work around this by requesting/processing a request ... transfering the generated PFX into the certificate store on the IIS machine. ...
    (microsoft.public.inetserver.iis.security)
  • Re: Certification Authority cannot use certificate template
    ... certificate request wizard in IIS Manager. ... Also, at the CA, ensure that the Web server certificate template is ...
    (microsoft.public.security)