2nd try: 922706 Update and certificate for computer



Hi to all

Does really nobody know how to enroll computer certificates from the new
922706 Microsoft certificate enrollment website? Is my question unclear, or
is it in the wrong Newsgroup? Have googled the question. Quite a lot of
people have the same problem, but haven't found any useful answer
(certreq.exe is very complicated and not an option, since authentication to
the domain seems not to be possible).

Thank you all in advance for any help!
Franz
-----------------

Have installed Windows 2003 IPSec based Remote Access solutions for various
customers. Certificate enrollment for domain based computers is not a
problem and can be done from Active Directory group policies.

But there are always external computers that require a computer certificate
from the domain based enterprise CA, based on the Ipsec (Offline Request)
template. In the past, these computers opened the certsrv website on their
computers when they are at the customer's location, requested a certificate
and chose the option "Store certificate in the local computer certificate
store". After that, they were able to establish IPSec VPN connections.

Now, a few users are starting to use Vista, and the certification Website
has to be upgraded with the Hotfix 922706 to support Web Enrollment to Vista
clients. Unfortunately, Microsoft stripped out the option "Store certificate
in the local computer certificate store", it's even confirmed in the KB
article 922706. Now with the update installed, it's not only impossible to
request computer certificates from the web enrollment page for Vista
clients, but for XP clients as well!

My question:
How is it possible that external computers can get the required computer
certificates? The IPsec (Offline request) template has defined that the
private key is not exportable, so to export an existing certificate and
import it into the computer certificate store is not possible. Upgrade from
Windows 2003 standard edition to enterprise edition just for being able to
create/modify certificate templates is also not an option.

Any tips (better than restoring the old CA website and running XP virtual
machines for remote access)? Thank you all in advance for any help!
Franz
