requesting cert from local CA: "no trusted certificate authorities available"



I'm playing around with AD, certificates, and smart cards on a test server separated from the rest of our network. I'm currently going by http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/howto/mapcerts.mspx, trying to get a certificate that I can place on my smart card to log in with.

I have a certificate authority installed on this domain controller (as a stand-alone root CA), and I can see its cert in "Trusted Root Certificate Authorities". If I try to launch the "Request New Certificate" wizard for any account, I get an error message saying the wizard could not be started because "there are no trusted certificate authorities available", or permission is denied.

Is there something special I have to do to get the local machine to "trust" this CA, or some other way I should go about this?

Thanks
Bean
.



Relevant Pages

  • Certificate Authority and smart cards
    ... I have installed the root CA on one of our 2000 servers, added the snap-ins ... Certificate Authority, Certificates for both Local computer and current user ... Now my documentation wants me to connect the smart cards to the server ...
    (microsoft.public.win2000.security)
  • Re: Certificate Authority and smart cards
    ... through IE to the web pages from any windows client. ... > Now my documentation wants me to connect the smart cards to the server ... > and use the Certificate Services web site on the local machine to request ... > workstation and not the server itself. ...
    (microsoft.public.win2000.security)
  • Re: CA Issue
    ... The smart cards do hold the certificates, ... quite sure from a technical perspective how VPN works. ... which hold the certificate. ...
    (microsoft.public.win2000.security)
  • Re: Certificate Renewal / Smart Cards
    ... if a smartcard certificate is also used for any encryption purposes, ... | The user must have read, enroll and autoenroll access to the certificate ... |> to enroll for smart cards. ...
    (microsoft.public.windows.server.security)
  • RE: Activesync + OWA + SSL Cert key
    ... "no certificate has been requested for the default site in IIS. ... Am I right that the steps I should take is, go through the WSC wizard to ... the wsc wizard on the default website I should run the Internet and Email ... install the certificate on the Windows SBS server. ...
    (microsoft.public.windows.server.sbs)