Re: more AD CS issues



Ok,

I figured out #2. The answer was to uninstall and reinstall AD CS Web
enrollment. This fixed it. I can now web enroll for certs. So, even
though it said it installed successfully the first time, it apparently did
not.

Still looking for a fix or clarification for the AIA and OCSP errors.

Thanks,

Kristin

"Kristin Griffin" <kristin.l.griffin@xxxxxxxxx> wrote in message
news:%23fOLfzLWIHA.5448@xxxxxxxxxxxxxxxxxxxxxxx




Thanks in advance for the help.

My setup is this:

· DC = LH_DC1, win2k8 server

· PKI server = LH_PKI1, win2k8 server

· Client = LH_CLI1, vista

I set up my test lab using the AD CS Step by Step Guide, and the OCSP
whitepaper. I am still having these issues:



1. I believe my OCSP implementation is working. I can auto enroll
users now, so that would be a good test, right? Also, I can download the
latest CRL, and the responder says that it is OK. Before I could not do
any of this. But I am still concerned by what I see in this picture:

See pic1

Are these locations still valid and should I care? Or is this from when I
was having issues with OCSP? I redid the AIA config (erased the old
http://LH_PKI1 and redid it. That seemed to help.) Am I still having
issues then? If so, how else can I test and resolve this?

I have rebooted the PKI server after I made that change too. Still no
luck in resolving this.



2. When I try to request a certificate from the website:
https://LH_PKI1.contoso.com/certsrv

I can download the latest CRL no problem. But when I go to request a
certificate, I cannot. I get the following screen:

See pic2

I am logged on as a user PKI_user3. I can go into the local certificate
store and request certificates that way. The same thing is true if I log
onto the vista PC with the domain admin account. Any more advice here?

I have already created a web server certificate for my website, and now I
am kind of stuck.







