Re: Using Server 2003 to sign Sonicwall VPN certificate

---

• From: "Joe" <jwdaigle@xxxxxxxxxxxxx>
• Date: Wed, 11 Apr 2007 09:45:00 +0800

---

"Brian Komar [MVP]" <bkomar@xxxxxxxxxxxxxxxxx> wrote in message
news:MPG.2072beb2a86027619896d0@xxxxxxxxxxxxxxxxxxxxxxx

In article <#eg2#TEcHHA.4460@xxxxxxxxxxxxxxxxxxxx>,
jwdaigle@xxxxxxxxxxxxx says...

I am trying to use my Server 2003 PKI to sign a certificate generated on
a
Sonicwall 3.1 network appliance. Sonicwall has a tech note describing
"Gateway_to_Gateway_VPN_with_Certificate", which is a step by step guide
to
signing the internally generated certificate on the Sonicwall.

When I try to "Submit new request" on my online issuing CA, I get the
following error:

The request contains no
certificate template information. 0x80094801 (-214687539) Denied by
Policy
Module 0x80094801, The request does not contain a certificate template
extension or the CertificateTemplate request attribute.



So far, Sonicwall tech support has deemed that "there is an
incompatibility". Probably true, but not all that useful an answer. :-)

Anyone else out there tried to do this and was successful?

Thanks,

Joe

Submit the request through thte Web interface (http://server/certsrv).
You are able to provide the certificate template information at that
time. The goal is to find out *what* certificate template to choose.

Based on their initial answer, I doubt you will get a correct response
from Sonic <G>. Probably your best bet is to either submit for a
Computer certificate (v1 template) or to create a v2 based on
Certificate and have the subject provided in the request.
(This template enables both client authentication and server
authentication)

Brian

Hi Brian -

Im hoping you are still "following" this thread. I am still going around
and around with Sonicwall on this. Could I request that I privately send
you the .p10 file that Sonicwall sent me, or a certutil -dump of it, and
have you tell me what exactly is missing? Sonicwall is blaming the issue on
Microsoft. What is ironic is Sonicwall wrote the technote I am following to
do this! :-)

It would be greatly appreciated, and might help the next guy trying to get
this to work -

Please let me know if this is ok,

Joe


.

---

• Prev by Date: Patches installed during shutdown (XP SP2)
• Next by Date: Re: "unpuiblish" a certutil -dspublish 'd ca
• Previous by thread: Patches installed during shutdown (XP SP2)
• Next by thread: Re: PkiView.msc - where does it get its info?
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Certificate Authority Error ... How are you generating the request? ... tempalte information. ... certificate template as an example. ... > The request contains no certificate template information 0x80094801 ... (microsoft.public.windows.server.security) Re: Certsrv and Autoenrollment problem ... logic to my problem and loaded ADSIEdit from the support tools. ... V1 Certificate Template could not be loaded. ... > Certificate Services denied request 469 because The requested certificate ... (microsoft.public.windows.server.sbs) Re: CA wont allow me to submit new requests in a text file ... VirtualServer 2005 VMRC server which requires me to generate a certificate ... request, and then submit that request manually to the CA and then import the ... The request contains no certificate template information. ... (microsoft.public.windows.server.active_directory) Re: Certificate Renewal questions ... In the case of request with same key you have the option of selecting ... Advanced page where you can choose a different certificate template whereas ... for renew with same key you cannot choose the template. ... (microsoft.public.platformsdk.security) Using Server 2003 to sign Sonicwall VPN certificate ... Sonicwall 3.1 network appliance. ... Sonicwall has a tech note describing ... signing the internally generated certificate on the Sonicwall. ... When I try to "Submit new request" on my online issuing CA, ... (microsoft.public.security)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(12)