|
Posted by Brian Komar [MVP] on September 19, 2006, 5:15 pm
Please log in for more thread options
patrik.nagelREMOVE@THISsep.ch says...
> I try to issue a "RAS and IAS Server" certificate to a domain member
> server (2003 SP1). I did make a copy of the original "RAS and IAS
> Server" certificate template and changed only the security settings so
> that the "RAS ans IAS Server" group has Read, Enroll and Autoenroll
> permissions. The IAS Server is a member of the mentioned group.
> Then, I've added (add - certificate template to issue) the template to
> the issuing ca. But the copied template doesn't appear, when I open the
> Web Enrollment Page ("create an submit request to this ca") on the IAS
> Server (domain member). I also tried to request the IAS certificate by
> using the Certificate Request Wizard (http://tinyurl.com/gco3x) on the
> IAS Server.
> The Enterprise Root CA is installed on W2003 R2 Enterprise Server. I can
> issue user certificates (smartcard logon certs, enrollment agent for
> user) without any problems.
>
> TIA
> Patrik
>
You cannot request this certificate through the web enrollment page, as
it is being executed in your security context, not the server's security
context. The only computer certs that you can request through the Web
pages are those that you supply the subject of the cert in the request
or through pasting a CSR into the Web pages.
The certificate request wizard will work though. Did you meet the
minimum requirements:
1) Log on as a member of local Administrators.
2) Launch an empty MMC
3) Load the Certificates console focused on the Local Machine
If you just ran certmgr.msc you again are running as your local account,
not the local machine (which requires local admin access), and the
template will not be available.
Brian
| 
XML Sitemap