Re: Certification Authority cannot use certificate template

From: Brian Komar <bkomarr@xxxxxxxxxxxxxxxxx>
Date: Thu, 14 Jun 2007 14:28:59 -0500

On Wed, 13 Jun 2007 23:25:00 -0700, Carma Trepp wrote:

"Brian Komar" wrote:

For a Web server certificate, have you tried using the Web Server
certificate request wizard in IIS Manager. This will allow you to populate
the subject information, make the request based on the right template, and
submit the request to the CA>

Also, at the CA, ensure that the Web server certificate template is
available at the CA.
Since you are running standard edition, you cannot do any certificate
template customization (only enterprise edition supports the issuance of v2
certificate templates). But, Web Server is a v1 template

Brian

The Webserver Template is also available on the CA.
But was a good idea with the IIS wizard. I try now a Workaround to use the
Wizard to create the Certificate for the linux Webserver.

I m go in holiday this evening, and cant read this tread futher.
Thanks for the help.

You have now provided the missing information.
If you are using a Linux Web Server, you need to generate the request at
the Linux Web server, then submit that request through the Certsrv Web
pages (indicating the Web Server certificate template on the page).

Depending on the Web Server, you will probably use OpenSSL to generate the
request and private/public key pair.
After the certificate is issued, you will need to link the certificate back
to the private key.
See the Linux MAN files for details
Brian
.

References:
- Re: Certification Authority cannot use certificate template
  - From: Brian Komar
- Re: Certification Authority cannot use certificate template
  - From: Brian Komar

Prev by Date: Re: Security Updates
Next by Date: Re: security centre Help
Previous by thread: Re: Certification Authority cannot use certificate template
Next by thread: Re: CVE-2007-2229: Administrator passwords are stored somewhere?!
Index(es):
- Date
- Thread

Relevant Pages

Re: Certificate Web enrollment pages
... When you install the web server, you select a CA for the web pages to ... to match the AD enrollment services entry. ... > certificate template ACL's and the certificate actually appearing in ... >> able to request a certificate using a form. ...
(microsoft.public.win2000.security)
Re: How to renew a certificate programmicaly
... Name 2 extension must contain a UPN entry, ... Please notice that the application> policy restriction is "Enrollment Agent" and that the "old certificate" does> not have this application policy. ... > I cannot see this template in the MMC snapin, I guess it is because it has> "X number of authotized signatures" and "Subject details supply in request". ...
(microsoft.public.platformsdk.security)
Re: Problems requesting computer certificates on an issuing CA
... The exact permissions on my template are: ... I tried to manually enroll for a computer certificate based on ... CA allows the computers to request certificates. ...
(microsoft.public.windows.server.security)
RE: SIMple SSL question ??
... OK - i would also delete a cert request file lying around. ... But a certificate is a pub key + extra info. ... That said - if someone compromises the server he will also find a way to retrieve the private key. ... traffic between the initial web server and the client. ...
(microsoft.public.dotnet.security)
Re: Certificates for l2tp VPN
... "IPSec offline request" template, the certificate is in the Local ... can´t install the correct certificate to make it work. ...
(microsoft.public.win2000.security)