Posted by jdc4357 on May 31, 2006, 2:53 pm
Hi,
I can't seem to get my win2003 dc to request a certificate. Here's what I've
done so far in a test environment.
Installed 2003 Enterprise SP1 and called it adstest-ca in the workgroup
"workgroup". Installed certificate services as a standalone root ca. (IIS
is not installed) Deleted the CRL and AIA distribution points (except local)
as best practices recommend for an offline root ca. (Why don't we want a crl
for a root ca? What if my subordinate ca gets compromised, how am I going to
revoke its cert besides rebuilding). I ran certutil.exe -setreg ca\DSConfigDN
CN=Configuration,DC=adstest,DC=contoso,DC=com to ensure correct revocation
and chain building as done by the PKI example for contoso. Restarted
certificate services.
Installed 2003 Enterprise SP1 and called it adstest-ent-ca and joined it to
the "adstest" windows 2003 domain. Installed certificate services as a
subordinate enterprise ca. (IIS is not installed) Requested certificate from
adstest-ca (rootca) and installed it on adstest-ent-ca. Restarted cert
services on adstest-ent-ca. So far no problems except it says that it
couldn't verify the cert because there was no crl. (But it worked anyway).
Now I thought I would reboot the domain controller and it would
automatically request the certificate, but it hasn't happened. In a previous
test, I just installed 2003 Enterprise SP1 and installed an Enterprise Root CA
and it requested it fine. But for some reason it's not working this way.
Any information on what to do next or any information at all would be
greatly appreciated!!!
Thanks,
jamie