Re: PKI: Issue Computer Certificate



In article <ObVPWAA3GHA.1304@xxxxxxxxxxxxxxxxxxxx>,
patrik.nagelREMOVE@xxxxxxxxxx says...
I try to issue a "RAS and IAS Server" certificate to a domain member
server (2003 SP1). I did make a copy of the original "RAS and IAS
Server" certificate template and changed only the security settings so
that the "RAS and IAS Server" group has Read, Enroll and Autoenroll
permissions. The IAS Server is a member of the mentioned group.
Then, I've added (add - certificate template to issue) the template to
the issuing CA. But the copied template doesn't appear when I open the
Web Enrollment Page ("create and submit request to this ca") on the IAS
Server (domain member). I also tried to request the IAS certificate by
using the Certificate Request Wizard (http://tinyurl.com/gco3x) on the
IAS Server.
The Enterprise Root CA is installed on W2003 R2 Enterprise Server. I can
issue user certificates (smartcard logon certs, enrollment agent for
user) without any problems.

TIA
Patrik

You cannot request this certificate through the web enrollment page, as
it is being executed in your security context, not the server's security
context. The only computer certs that you can request through the Web
pages are those that you supply the subject of the cert in the request
or through pasting a CSR into the Web pages.

The certificate request wizard will work though. Did you meet the
minimum requirements:
1) Log on as a member of local Administrators.
2) Launch an empty MMC
3) Load the Certificates console focused on the Local Machine

If you just ran certmgr.msc you again are running as your local account,
not the local machine (which requires local admin access), and the
template will not be available.

Brian