Click here to get back home

Trust for a (locally-issued) Certificate Authority
 HomeNewsGroups | Search | About
Login Password
Register Now!
 microsoft.public.windows.server.security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
Trust for a (locally-issued) Certificate Authority prasen67 11-01-2006
Posted by prasen67 on November 1, 2006, 3:09 pm
Please log in for more thread options
 I order to use SSL with web services I need to open the SSL connection
in IE without any dialogs or warnings. A web service can not ask the
user to accept the certificate that's why it fails to open the
connection and I get this error ""Could not establish secure channel
for SSL/TLS"

We have created/issued our own Certificate and installed it under
Trusted Root CAs.

Even though I install the certificate correctly each time, I am always
prompted to trust the certificate each time I browse to the Orders Web
Service.

So we don't have implicit trust.

How can we issue a certificate and install it so Windows 2003 will
trust it implicity (i.e. the SSL connection in IE without any dialogs
or warnings)?

Thanks in advance!


Posted by Brian Komar [MVP] on November 1, 2006, 5:28 pm
Please log in for more thread options
 prasen67@yahoo.com says...
> I order to use SSL with web services I need to open the SSL connection
> in IE without any dialogs or warnings. A web service can not ask the
> user to accept the certificate that's why it fails to open the
> connection and I get this error ""Could not establish secure channel
> for SSL/TLS"
>
> We have created/issued our own Certificate and installed it under
> Trusted Root CAs.
>
> Even though I install the certificate correctly each time, I am always
> prompted to trust the certificate each time I browse to the Orders Web
> Service.
>
> So we don't have implicit trust.
>
> How can we issue a certificate and install it so Windows 2003 will
> trust it implicity (i.e. the SSL connection in IE without any dialogs
> or warnings)?
>
> Thanks in advance!
>
>
A couple of solutions are possible:
1) Create a GPO that adds your root certificate to the Trusted Root
Authorities GPO.
2) Publish the certificate into AD so it is trusted by all Windows 2000,
Windows XP, and WIndows 2k3 clients in the forest.
certutil -dspublish -f <rootcert.cer> RootCA

Brian

Posted by prasen67 on November 1, 2006, 9:53 pm
Please log in for more thread options
Thanks, that worked!!


Similar ThreadsPosted
Question regarding Certificate Trust Lists November 20, 2007, 4:38 pm
Create Certificate Request for Windows2003 certificate authority without using website March 22, 2006, 8:07 am
Root Certificate Authority October 22, 2006, 6:35 am
PEM file with certificate authority? February 6, 2007, 10:56 am
Re: Rendom and certificate authority on DC June 5, 2007, 11:25 am
Searching Certificate Authority September 17, 2007, 6:02 pm
Re: Need to transfer Certificate Authority from one DC to another September 26, 2008, 8:53 am
Clustering Certificate Authority Server November 21, 2005, 5:27 am
Certificate Authority backup failed. November 27, 2005, 6:41 pm
How to tell if Certificate Authority is root, stand-alone or? February 8, 2007, 10:27 am

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap