Posted by Thomas Tomiczek on June 9, 2007, 4:58 am
I am not. Read what I posted.
I said I upgraded the website to retrieve the key so that they work WITH
vista.
Naturally I do request from a 2003 server. Where do you think Exchange
runs?
> On Sun, 3 Jun 2007 19:27:33 +0200, Thomas Tomiczek wrote:
>
>> The REALLY interesting thing is that this is not possible.
>>
>> According to the MS recommendation we updated the website of our CA to
>> use
>> the website files from longhorn. This is necessary, and demanded, because
>> the original ASP website does not work with Vista. It is asked for in
>>
>> When I log into the exchange computer using the domain admin account -
>> nothing is there to select this. There is also nothing there to store the
>> local key. Nada, nihil, nothing. I am not THAT stupid.
>>
>> In fact, my selections look like:
>>
>> Advanced Certificate Request
>>
>>
>> The policy of the CA determines the types of certificates you can
>> request.
>> Click one of the following options to:
>> Create and submit a request to this CA.
>>
>> Submit a certificate request by using a base-64-encoded CMC or PKCS #10
>> file, or submit a renewal request by using a base-64-encoded PKCS #7
>> file.
>>
>>
>> And then:
>>
>> Advanced Certificate Request
>> Please correct the fields marked in RED. The e-mail address may contain
>> the
>> characters A-Z, a-z, 0-9, and some common symbols, but no extended
>> characters. The country/region field must be a two letter ISO 3166
>> country/region code.
>> An error occurred while creating the certificate request. Please verify
>> that
>> your CSP supports any settings you have made and that your input is
>> valid.
>> Suggested cause:
>>
>> Error:
>> Your certificate request has been generated:
>>
>>
>>
>> Certificate Template:
>>
>>
>> Administrator Basic EFS EFS Recovery Agent User Subordinate
>> Certification
>> Authority Web Server
>>
>>
>> Identifying Information For Offline Template:
>>
>> Name:
>> E-Mail:
>>
>> Company:
>> Department:
>>
>> City:
>> State:
>> Country/Region:
>>
>>
>> Key Options:
>>
>>
>> Create new key set Use existing key set
>>
>> CSP: Microsoft Enhanced Cryptographic Provider v1.0 Microsoft Base
>> Cryptographic Provider v1.0
>>
>>
>> Key Usage: Exchange Signature Both
>>
>> Key Size: Min: 384 (common key sizes: 512 1024 2048 4096 8192 16384 )
>> Max: 16384
>>
>>
>>
>> Warning: Large keys can take many hours to generate!
>> A key of this size will be generated only if a key for the
>> specified usage does not already exist in the specified container.
>>
>> Automatic key container name User specified key container name
>>
>> Container Name:
>>
>> Mark keys as exportable
>>
>> Enable strong private key protection
>>
>> Additional Options:
>>
>>
>>
>> Request Format: CMC PKCS10
>>
>>
>> Hash Algorithm: SHA-1 MD2 MD4 MD5
>> Only used to sign request.
>>
>> Save request
>> Full path name:
>> This request will be saved and not submitted.
>>
>> Attributes:
>>
>> Friendly Name:
>>
>> THAT IS IT. Nothing else to select.
>>
>>> On Sat, 2 Jun 2007 19:02:53 +0200, Thomas Tomiczek wrote:
>>>
>>>> Simple issue, based on exchange server. Exchange requires usage of SSL.
>>>> It
>>>> uses a self signed certificate, which we do not really like.
>>>>
>>>> Users access the exchange system using a short name in the browser,
>>>> when
>>>> they access OWA: https://exchange/.
>>>>
>>>> Outlook uses - thanks to automatic configuration - the FULL name
>>>> (https://exchange.company.local/).
>>>>
>>>> Now, this is seriously crap. The IIS manager can request a new
>>>> certificate,
>>>> but the wizard does not allow me to enter multiple alternative DNS
>>>> names.
>>>>
>>>> CertServ web signup does allow me to do so, but it does not hook the
>>>> certificate automatically to the web server, and stores it in the user
>>>> account. I can not export the certificate (exportable key is blocked
>>>> out)
>>>> and I can not register it at all in IIS.
>>>>
>>>> Result: crap. Does not work.
>>>>
>>>> How the heck can I get a backup-capable web server certificate with
>>>> multiple
>>>> alternative DNS names from a windows 2003 server certificate authority
>>>> in
>>>> such a way that I can actually please get it into an IIS website?
>>>>
>>>> Thanks.
>>>
>>> If you can request using the Certificate Services Web pages, then all
>>> you
>>> have to do is enable the Store certificate in the local computer
>>> certificate store option on the Advanced Certificate Request page. This
>>> will store the certificate on the local machine store (you must be a
>>> local
>>> administrator).
>>> You can then run the Web Server certificate wizard and change the
>>> certificate to the certificate you just requested.
>>> Brian
>
> Thanks for finally mentioning that you are requesting from Vista....
> Brian