Click here to get back home

PKI difference between "Advanced Certificate Request"
 HomeNewsGroups | Search | About
Login Password
Register Now!
 microsoft.public.windows.server.security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
PKI difference between "Advanced Certificate Request" PeterD 05-28-2008
Get Chitika Premium
Posted by PeterD on May 28, 2008, 10:38 am
Please log in for more thread options
 Somebody has set up a CA solution for this company. My problem is when I go
via the web to request a certicate, there are two "things" missing.
The first thing is "Identifying Information: with names, company ect" and
the second is "type of certificate needed" in the Web request. My test setup
have those two but not the "real life" setup. In certification Authority
under PKI under Certifikate templates there were only Domain Controller and
Computer. Everytime I entered the web it came with a "no certificate
templates could be found. You don´t have permission to request a certicate
from this CA or an error occoured while accessing the Active Directory". So I
added "user" template and now it don´t prompt me for this, but still I am
missing the "Identifying Information: with names, company ect" and the second
is "type of certificate needed" in the Web request. Are there something about
security or permissions s??

Best regards
Peter

Posted by bdo on May 28, 2008, 7:56 pm
Please log in for more thread options
Not sure if this is your problem or not, but it could have to do with
the permissions on the cert templates themselves. These are set in a
separate mmc, called "Certificate Templates." The users you want to web
enroll will need to have Read and Enroll permissions on the template.


--
bdo
------------------------------------------------------------------------
bdo's Profile: http://forums.techarena.in/member.php?userid=50025
View this thread: http://forums.techarena.in/showthread.php?t=976801

http://forums.techarena.in


Posted by PeterD on May 30, 2008, 3:31 am
Please log in for more thread options
I think this is because the a PKI Administrator locked down the cert server.
how can I unlock it (there might be a MSBP (MS Best Practice) way ?)

Peter


"bdo" wrote:

>
> Not sure if this is your problem or not, but it could have to do with
> the permissions on the cert templates themselves. These are set in a
> separate mmc, called "Certificate Templates." The users you want to web
> enroll will need to have Read and Enroll permissions on the template.
>
>
> --
> bdo
> ------------------------------------------------------------------------
> bdo's Profile: http://forums.techarena.in/member.php?userid=50025
> View this thread: http://forums.techarena.in/showthread.php?t=976801
>
> http://forums.techarena.in
>
>

Posted by bdo on May 30, 2008, 5:51 pm
Please log in for more thread options

It would depend how and where it's locked down. There are various places
where types of certificates can be locked out - the cert template, the
CA server, the CA server certificate, etc. It could also be something
modified in the web enrollment pages, but I'm not very familiar with
the web enrollment system. But I believe "type of certificate needed"
in the web form ties to certificate templates; if there is only one
available to you, it may not show that field. What type of cert are you
actually trying to issue? Have you tried manually creating a cert
request and submitting it to your CA to see if it'll issue a cert?

PeterD;3771469 Wrote:
> I think this is because the a PKI Administrator locked down the cert
> server.
> how can I unlock it (there might be a MSBP (MS Best Practice) way ?)
>
> Peter
>


--
bdo
------------------------------------------------------------------------
bdo's Profile: http://forums.techarena.in/member.php?userid=50025
View this thread: http://forums.techarena.in/showthread.php?t=976801

http://forums.techarena.in


Similar ThreadsPosted
Firewall difference form exception and advanced setting serivce April 28, 2007, 10:49 am
Create Certificate Request for Windows2003 certificate authority without using website March 22, 2006, 8:07 am
add UPN in certificate Request February 19, 2007, 7:21 am
Cannot request computer certificate. January 6, 2006, 1:00 pm
PKI Certificate request from another forest September 14, 2006, 4:28 pm
Specifying publication location in the certificate request October 8, 2005, 2:03 am
Certificate Services could not process request January 2, 2007, 9:31 pm
Online request of a certificate with CA in another domain January 26, 2007, 11:39 am
Request certificate to a CA in Windows server 2003 January 26, 2007, 12:44 pm
automatic certificate request GPO VS Auto enroll February 19, 2008, 1:50 pm

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap