Re: cannot create new certificate template to issue

From: David Cross [MS] (dcross_at_online.microsoft.com)
Date: 12/05/04 

Date: Sun, 5 Dec 2004 10:29:58 -0800

are you running windows server 2003 enterprise edition on the CA?

http://www.microsoft.com/technet/prodtechnol/winxppro/plan/pkienh.mspx

Windows Server 2003 certificate templates whitepaper:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws03crtm.mspx 

-- 
David B. Cross [MS]
--
This posting is provided "AS IS" with no warranties, and confers no rights.
Top Whitepapers:
Auto-enrollment whitepaper: 
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/autoenro.mspx
Best Practices for implementing Windows Server 2003 PKI: 
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws3pkibp.mspx
Troubleshooting Certificate Status and Revocation whitepaper: 
http://www.microsoft.com/technet/security/topics/crypto/tshtcrl.mspx
Windows Server 2003 web enrollment and troubleshooting guide: 
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/webenroll.mspx
Windows Server 2003 web enrollment and troubleshooting guide: 
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/webenroll.mspx
"bill" <bill@discussions.microsoft.com> wrote in message 
news:18285235-F0DA-41D5-ADEE-81E8E377F4C7@microsoft.com...
> i'm running server 2003, my own root CA, logged on as domain admin. in the
> certificate templates management MMC i create a duplicate certificate, on 
> the
> general tab i checked to publish in AD,on the request handling tab i 
> checked
> archive private key, allow key to be exported, and enroll without user 
> input,
> on subject name tab- build from AD, use common name, and include e-mail
> address, on security tab i allowed authenticated users read,enroll, and
> autoenroll. back in template manager cert shows up as autoenroll is 
> allowed.
> but when i go back to the CA MMC and go to new certificate template to 
> issue,
> the new template doesn't show up. the CA computer did get a new cert to 
> allow
> for private key recovery. i have waited a day for AD to replicate even 
> though
> this is a single site domain.

Relevant Pages

  • Re: cannot create new certificate template to issue
    ... i just realized that the CA computer is 2003 standard. ... > Best Practices for implementing Windows Server 2003 PKI: ... >> certificate templates management MMC i create a duplicate certificate, ... >> archive private key, allow key to be exported, and enroll without user ...
    (microsoft.public.win2000.security)
  • Re: cannot create new certificate template to issue
    ... > Best Practices for implementing Windows Server 2003 PKI: ... > Troubleshooting Certificate Status and Revocation whitepaper: ... >> certificate templates management MMC i create a duplicate certificate, ...
    (microsoft.public.win2000.security)
  • Re: Smart card enrollment issues
    ... What SKU are you using of Windows Server 2008. ... The CA must be running on Enterprise Edition to enable v2 or v3 certificate templates. ... Problem 2 - When i try to issue from the standard "smart card logon", ...
    (microsoft.public.windows.server.security)
  • Re: Certificate Templates - Duplicating template - Issue does not work
    ... Rather than upgrade the OS for this service, can I create and import a V1 ... > templates you will have to run your CA server on Enterprise Edition. ... > Implementing and Administering Certificate Templates in Windows Server ...
    (microsoft.public.win2000.security)
  • Re: Certificate Services Issues
    ... I was just told that the reason this is failing is that the private key is ... How do I set the web enrollment feature to allow ... >> find it in any of the templates. ... > Windows Server 2003 Enterprise Edition computer, ...
    (microsoft.public.windows.server.security)
Quantcast