Re: Standalone Subordinate Certificate Server Problems

From: adrian cristea (adriancristea@yahoo.com)
Date: 07/30/02 

From: "adrian cristea" <adriancristea@yahoo.com>
Date: Tue, 30 Jul 2002 14:27:50 +0300

thank you for answering me.

more details:

the first time that i try to install the certificate from the root (on the
child) i get the message "The format of the specified computer name is
invalid." If i try again it says "The data is invalid. 0xd (13)".

i followed this document to install and configure the two CA servers:
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q271386
i installed stand-alone, not enterprise CAs.

the child CA is an advanced server updated with all the patches
(a.f.a.i.k.). the root CA is also updated with all the necessary patches.
other (new installed and fully patched) server (not advanced) can install
the certificate from root CA and start the certificate service. the servers
have internal dns names; the internal dns domain isn't registered as a
Internet domain name.

i modified the CRL distribution point and Authority Information Access of
root CA to an external DNS name address (this address has an Internet IP
address, assigned to an external interface on a ISA server; ISA server is
using Web Publishing to publish the web pages with .crt and .crl files of
the root and child CAs, in diferent folders/pages). but i tried also with
internal ip addresses as CRL distribution point and Authority Information
Access and is not working either. i deactivated all other locations (ldap,
share, etc.)

below is the request from child to root:

-----BEGIN NEW CERTIFICATE REQUEST-----
MIICDjCCAbgCAQAwgaoxIDAeBgkqhkiG9w0BCQEWEWFkbWluQG1hdGhlc2lzLnJv
MQswCQYDVQQGEwJSTzESMBAGA1UECBMJQnVjdXJlc3RpMRIwEAYDVQQHEwlCdWN1
cmVzdGkxGjAYBgNVBAoTEUZ1bmRhdGlhIE1hdGhlc2lzMRowGAYDVQQLExFGdW5k
YXRpYSBNYXRoZXNpczEZMBcGA1UEAxMQd3d3Mi5tYXRoZXNpcy5ybzBcMA0GCSqG
SIb3DQEBAQUAA0sAMEgCQQDEW4RJthYM7hFo3752PTcw35WOHc8dF2b8fghAmE/k
w1/DAF0SMKZFEVJZW6uf3lDqHQjfIrz9k6XGu71iMnznAgMBAAGggacwKQYKKwYB
BAGCNw0CAzEbFhk1LjAuMjE5NS4yLlNlcnZpY2UgUGFjayAyMHoGCisGAQQBgjcC
AQ4xbDBqMBAGCSsGAQQBgjcVAQQDAgEAMB0GA1UdDgQWBBTS66eiI+nxqH5k6BtE
LAeEk2qgtDAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTALBgNVHQ8EBAMCAUYw
DwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAANBAGXKz+c/1uphU911Tpik
Y20NyXdvK1rK72VXc4SNwlXhcNNABUTOcfYCoVIYR+6NCpCBKAQ2wdunnqHZ2BWA
v20=
-----END NEW CERTIFICATE REQUEST-----

is there an utility to investigate the request? how can you do that?
thanks.

Relevant Pages

  • Re: Another Newbie Troubles with Debian
    ... make multiple selections...for example if I wanted to install the Web Server, ... DNS Server, FTP Server along with the desktop. ... If so type 'su' followed by the root password and then run ... To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx ...
    (Debian-User)
  • Re: Cannot Telnet to Solaris 5.7 server
    ... In order to install this oftware the user had to clear some ... I was attempting to login as root on the grpahical screen, ... below the screen went black then flashed back to the login screen. ... This is on a Solaris 5.7 server and I noticed that there is no Bin ...
    (comp.unix.solaris)
  • Re: boot net -> 38e00 boot: lookup .../Solaris_10/Tools/Boot failed
    ... boot net -v - install ... that it finds the correct server. ... can NFS mount the root directory just fine. ...
    (comp.unix.solaris)
  • Re: DNS setup for a child domain in Windows 2003
    ... > The thing is though if you are setting up a child domain you need to be ... > to resolve to the dc in the root domain so you dont get the option there ... So you need to have DNS setup before ... You can leave the server pointed at the root zone ...
    (microsoft.public.windows.server.dns)
  • Re: Ex2003 ADC /schemaonly
    ... Can you install ADC into a Child Domain? ... You'll won't need to run Exchange ADC Setup /SchemaOnly in the Root ...
    (microsoft.public.exchange.setup)