|
Posted by Mike Celone on January 26, 2007, 12:39 pm
Please log in for more thread options I am using the Version 1 certificate I believe. From what I have read you
need Windows 2003 Enterprise to use Version 2 certificates and the CA is
Windows 2003 Standard. However I don't believe that Authenticated Users is
enough since I had to add our the Domain Users groups from our child domains
to the Certificate Templates in order to allow the child domain users to see
the certificates. The Domain Computers group from the child domain does not
have permissions to the Web Server certificate. I'll attempt to add that
now and see how it works.
Mike
> microsoft.public.windows.server.security news group, Mike Celone
>
>> I am now trying to submit an online certificate request through IIS on a
>> Windows 2003 machine and have not been successful. The option is
>> available
>> to submit it online and it can see the CA (it shows up in the drop down
>> menu) but when the wizard finishes I have no certificate installed. I
>> have
>> verified that the user account I am using has rights to read and enroll a
>> web server certificate template by going to the Certsrv webpages and web
>> server shows up in the list of templates I can request. Are there some
>> other permissions I need to set to request online certificates?
>
> Do you have the default version 1 Web Server certificate
> template published or are you using a custom version 2 template?
> If the latter it won't work as the IIS wizard is hard coded for
> the version 1 template and can't be changed.
> Also, does the computer itself have permissions on the template
> (authenticated users is enough)? When using the IIS wizard it
> doesn't matter which user account you're using, the request is
> submitted in the security context of the computer account.
>
> --
> Paul Adare - MVP Virtual Machines
> Waiting for a bus is about as thrilling as fishing,
> with the similar tantalisation that something,
> sometime, somehow, will turn up. George Courtauld
>
| 
XML Sitemap