Re: Certificate template modifying

From: Miha Pihler (mihap-news_at_atlantis.si)
Date: 09/23/04 

Date: Thu, 23 Sep 2004 23:05:35 +0200

Hi,

Version 2 certificate templates (edited templates) can only be used to issue
certificates on CA
server that was installed on Windows 2003 Enterprise Edition (not on Windows
2003 Standard Edition).
CA server also has to be setup as Windows 2003 Enterprise CA service
(integrated in AD) not as Windows 2003 standalone CA server.

Implementing and Administering Certificate Templates in Windows Server 2003
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws03crtm.mspx

Best Practices for Implementing a Microsoft Windows Server2003 Public Key
Infrastructure
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws3pkibp.mspx

PKI Enhancements in Windows XP Professional and Windows Server 2003
http://www.microsoft.com/technet/prodtechnol/winxppro/plan/pkienh.mspx

Windows Server 2003 PKI Operations Guide
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws03pkog.mspx

Managing a Windows Server 2003 Public Key Infrastructure
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/mngpki.mspx

Advanced Certificate Enrollment and Management
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/advcert.mspx

Mike

"schapman" <sean.chapman@gmail.com> wrote in message
news:b9ddedc8.0409231251.6d586645@posting.google.com...
> I set up a windows 2003 server and am trying to use it as a
> Certificate Authority. I gave it a name, put it on the domain, and can
> issue certificates with no problem. However, I'm trying to modify a
> certificate template so that I can disable the option to mark keys as
> exportable. When I try and load up certtmpl.msc, I get the following
> error:
>
> Windows could not create the object identifier list. This computer is
> not joined to a domain. Certificate templates are not available.
>
> I don't really understand whats going on here as the computer is on
> the domain. I tried uninstalling the certificate authority, taking the
> machine off the network, re-adding it, and re-installing the
> certificate authority but I get the same issue. Any ideas would be
> appreciated.
>
> Also, is there a way to have it so that certain people requesting
> certificates can only request a specific template while having other
> users be able to pick any they want?

Relevant Pages

  • Re: Need help configuring Wireless Connection profile
    ... and I can only use the intel OR windows utility, not both at the same time. ... Windows authentication for all users,4129,LRG\ryanv,4149,Wireless WPA2 ... SMALL BUSINESS SERVER: ... STEP #1 Install Certificate Services ...
    (microsoft.public.windowsxp.general)
  • Re: Need help configuring Wireless Connection profile
    ... Now life is good in the Windows wireless world. ... now have a secure wireless setup within my small business server environment. ... "point" the info of the Radius authentication to your current Radius server. ... STEP #1 Install Certificate Services ...
    (microsoft.public.windowsxp.general)
  • Re: EAP-TLS with windows CE
    ... credentials at the login prompt for Windows Server 2003 on the server ... The certificate is a public thing, ... When the server asks the Windows CE device to identify itself, ... I could easily steal your authentication information. ...
    (microsoft.public.windowsce.platbuilder)
  • Re: EAP-TLS with windows CE
    ... Thanks for the quick response. ... Windows CE then prompts the wireless user for the ... to the AP which gets passed on to an authentication server (RADIUS or ... nothing to do with the contents of the certificate at all. ...
    (microsoft.public.windowsce.platbuilder)
  • Re: Auto certificate and key generation to pfx
    ... Best Practices for implementing Windows Server 2003 PKI: ... Troubleshooting Certificate Status and Revocation whitepaper: ... Regarding the certificate request: ...
    (microsoft.public.platformsdk.security)