Re: Whats wrong with my CAPolicy.inf file?
- From: "Joe" <jwdaigle@xxxxxxxxxxxxx>
- Date: Wed, 12 Jul 2006 10:03:18 +0800
Hi Brian -
I stumbled across a possible explanation for this, and wondered if you
thought this to be a valid inference.
In:
http://technet2.microsoft.com/WindowsServer/f/?en/Library/0e4472ff-fe9b-4fa7-b5b1-9bb6c5a7f76e1033.mspx ,
it states that:
======================================
NewRequest
The [NewRequest] section is mandatory for an .inf file that acts as a
template for a new certificate request. If this section is missing, the
following error message is displayed:
INF file line not found 0xe0000102 (INF: -536870654)
This section requires at least one key with a value. If this section is
empty and has no keys, the following error message is displayed:
Incorrect function. 0x1 (WIN32: 1)
=======================================
My situation is that I was rebuilding my root CA (our PKI is stil in the
planning/prototyping stages), and used a backup of the previous rootca's
key. I was basically installing the CA on a freshly installed server 2k3
R2, and chose to use the option of a previously generated key. In addition,
this CAPolicy.inf file was placed in C:\Windows.
I noticed that the same error (0xe0000102) is logged in the certmmc.log file
I have (along with other errors).
I will be rebuilding the rootCA tommorow, this time not using the
pre-existing key, to see if that works correctly. I will post my findings.
Thanks,
Joe
"Brian Komar" <bkomar@xxxxxxxxxxxxxxxxx> wrote in message
news:MPG.1f170f06842459ac989686@xxxxxxxxxxxxxxxxxxxxxxx
Wow... does this text look familiar <G>.
My guess is that you copied and pasted this from the CD from my book or
from the PDF document. My guess is that the "_" character was translated
to an different character.
Try retyping the section header for [certsrv_server]
Brian
In article <e9CmY7MoGHA.1208@xxxxxxxxxxxxxxxxxxxx>,
jwdaigle@xxxxxxxxxxxxx says...
Hello there - I am creating a standalone Root CA (ie, offline), and
created
a very simple CAPolicy.inf. It seems to be ignoring the settings in the
inf
file. I have already checked to make sure its not CAPolicy.inf.txt :-)
The errors below from certmmc.log seem to indicate the file is found, but
that lines that are there are not read. I have looked at it for a while
to
see if there is any kind of syntax error, but nothing pops out at me.
Like
I said, the file is really simple.
Thanks for any help,
Joe
Here is the Inf file:
[Version]
Signature="$Windows NT$"
[certsrv_server]
Renewalkeylength=4096
RenewalValidityPeriodUnits=10
RenewalValidityPeriod=years
CRLPeriod=weeks
CRLPeriodUnits=26
CRLDeltaPeriodUnits=0
CRLDeltaPeriod=days
[CRLDistributionPoint]
Empty=True
[AuthorityInformationAccess]
Empty=True
[BasicConstraintsExtension]
PathLength=1
And here is the output from certmmc.log:
========================================================================
402.420.948: Begin: 7/6/2006 2:28 PM 54.718s
914.1439.0: certcli.dll: 5.2.3790.1830 retail (srv03_sp1_rtm.050324-1447)
914.1439.0: certmmc.dll: 5.2.3790.1830 retail (srv03_sp1_rtm.050324-1447)
402.315.949: End: 7/6/2006 2:28 PM 54.750s
========================================================================
.
- Follow-Ups:
- Re: Whats wrong with my CAPolicy.inf file?
- From: Brian Komar
- Re: Whats wrong with my CAPolicy.inf file?
- References:
- Whats wrong with my CAPolicy.inf file?
- From: Joe
- Re: Whats wrong with my CAPolicy.inf file?
- From: Brian Komar
- Whats wrong with my CAPolicy.inf file?
- Prev by Date: Re: Utility to export file, folder, and share permissions
- Next by Date: Re: firewall vs security appliance
- Previous by thread: Re: Whats wrong with my CAPolicy.inf file?
- Next by thread: Re: Whats wrong with my CAPolicy.inf file?
- Index(es):
Relevant Pages
|
|
