Posted by Chris Morley on November 26, 2007, 1:12 pm
Hi all, I'm trying to run with my own internal PKI on Windows
Enterprise 2003. I am having issues with Exchange 2007 and its
nightmare with certificates. I think I have an answer though, and I
would like to run it by people first:
I have defined the cert request fields in an inf file, and submit that
to the certutil CA in my Active Directory (on that actual machine, and
NOT from the IIS server). I have got the cert coming back with the
additional server names (SAN - mail.mydomain.com,
svr001.mydomain.local, svr001); however, it is not returning any private
key (when you click the cert properties it doesn't even mention a key).
I think this has to do with the fact that I am specifying the
WebServer template in the inf file, which, from Cisco's site:
Note: Microsoft has changed the Web Server template with the release
of the Windows 2003 Enterprise CA. With this template change, keys are
no longer exportable, and the option is greyed out. There are no other
certificate templates supplied with certificate services that are for
server authentication, or that give the ability to mark keys as
exportable in the drop-down menu. In order to create a new template
that does so, see the Create a New Certificate Template section.
So tomorrow when I'm back at work I will try to make the new template
with exportable private key, use certutil/certreq on the domain
controller (where the CA is also installed), export the cert and its
key, move the cert+key file and install it in IIS. Then I will need to
put the cert on all of my Windows Mobile devices to allow SSL and
ActiveSync to work.
At least I hope it is that easy!!? I don't want to put IIS on my domain
controller for web enrollment as I want to keep that as small a
footprint as possible, and we don't have the budget for independent
boxes. Won't go into detail but I am running VMs and already Exchange
CAS and SQL 2005 both have IIS running.
Any pointers much appreciated.
Cheers,
Chris
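
The certreq sequence the post describes, as an added example that is not part of the original post: certreq -new creates the key pair on the machine where it runs, and certreq -accept on that same machine is what attaches the issued certificate to that key before it can be exported. The CA config string, the template name WebServerExportable and the file names are placeholders; the SAN attribute is assumed to be honoured by the CA, as the post reports.

```powershell
# Added example. Placeholders: CA config string, template name, file names.
$caConfig = 'CA-HOST\CA-NAME'   # placeholder: <CA computer name>\<CA name>

# Request definition. Exportable = TRUE only takes effect if the template
# named below also allows private key export (hypothetical copy of Web Server).
$inf = @'
[Version]
Signature="$Windows NT$"

[NewRequest]
Subject = "CN=mail.mydomain.com"
KeySpec = 1
KeyLength = 2048
Exportable = TRUE
MachineKeySet = TRUE
RequestType = PKCS10
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12

[RequestAttributes]
CertificateTemplate = WebServerExportable
SAN = "dns=mail.mydomain.com&dns=svr001.mydomain.local&dns=svr001"
'@
Set-Content -Path request.inf -Value $inf -Encoding ASCII

# 1. Generate the key pair in the local machine store and write the PKCS#10 request.
certreq -new request.inf request.req

# 2. Submit the request to the CA and save the issued certificate.
certreq -submit -config $caConfig request.req issued.cer

# 3. On the SAME machine as step 1: install the certificate and bind it to
#    the pending private key. Without this step the .cer file has no key.
certreq -accept issued.cer

# 4. List the machine store, note the new certificate's serial number,
#    then export certificate + key. certutil prompts for the PFX password
#    when -p is not given, which keeps it out of the command line.
certutil -store My
$serial = Read-Host 'Serial number of the new certificate'
certutil -exportPFX My $serial mail.pfx
```

The resulting mail.pfx contains the private key, so it should be moved over a protected channel and deleted from the CA machine once it is imported on the IIS server.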