Re: Cannot request certificate on client computer

You could try going to http://<sbsname>/certsrv. Click "Download a CA
certificate, certificate chain, or CRL." On the next page, choose the CA
you created on the SBS and click "Download CA Certificate." In the pop-up,
click Open, then Install Certificate. Let it automatically choose where to
install the cert. Once you've got the CA certificate installed, see if the
wizard runs as described.

I haven't see the issue you're having, so I don't really have any first hand
knowledge of what's going on. It just seems like this would be the next
logical step.


"John Lenz" <lenz4@xxxxxxxxxxxxxx> wrote in message
news:uPpq%23bfWHHA.5092@xxxxxxxxxxxxxxxxxxxxxxx
The certificate does not appear on the client PC trusted root...
certificates. It does appear on the server trusted root... certificates

The client name is fully qualified.

Any thoughts?


"Dave Nickason [SBS MVP]" <gwdibble@xxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:%23FVGSUfWHHA.4404@xxxxxxxxxxxxxxxxxxxxxxx
When you look on the client PC under Certificates (Local Computer) ->
Trusted Root Certification Authorities -> Certificates, do you see one
that uses the name you gave the CA when you installed it on page 376?
Does the client PC have the proper DNS suffix as described on the bottom
of page 379 (computername.domainname.local)?



"John Lenz" <lenz4@xxxxxxxxxxxxxx> wrote in message
news:u6anA2eWHHA.896@xxxxxxxxxxxxxxxxxxxxxxx
I am following MS book on SBS 2003 R2 administrators companion page 378,
Requesting computer and user certificates.

I installed CA on server. Client is correctly attached to domain as
domain admin.

I launch MMC on client computer and add certificates (local computer)
and certificates current user.

When I right-click personal on certificates (local computer) and
request a certificate, I get error panel:

The wizard cannot be started because...
-There are no trusted certificate authorities available
- You do not have permissions to request certificates from available
CAs
- The available CAs issue certificates for which you do not have
permissions


When I created the local certificate on the server machine, the wizard
went through just fine.

Where is the hang-up?







.

Relevant Pages

  • Re: SSL and Client Authentication
    ... First I go on my client and I do a browser request from a CA, ... After issuing a cert. ... install (where I verify that this certification was installed ... > It definitely does not sound like the right way to do client certificates. ...
    (microsoft.public.inetserver.iis.security)
  • IIS - SSL - Root CA auto install
    ... installed as a ROOT CA. ... We have created all the certificates and stuff to enable ... on client computer. ... he wish to install it. ...
    (microsoft.public.inetserver.iis.security)
  • Re: Mutual Authentication scheme
    ... I have supposed that you understand clearly what a Certifiication Authority and SSL certificates are. ... Create your own CA, and with this one, create and sign your own certificates (one per client). ... you have to install OpenSSL. ... you have to create certificates for each client and for the server ...
    (Security-Basics)
  • Re: RECOVERING MY ENCRYPTED HD FROM DEAD WINDOWS 2000
    ... certificates were probably only stored on the reinstalled ... file encryption key - different for each file, ... document formats have some standard bytes in - once matched ... The install wouldn't ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Run Fax Service under a different User Account gives "Win32 Error Code: 1307" error
    ... I've been trying to do that, but I can't seem to get the certificates to ... I wouldn't want to give the "Network Service" account access to the ... encrypted files because then any service running under the Network Service ... know of any way to install the certificate for the Network Service user. ...
    (microsoft.public.win2000.fax)
Loading