Can not renew root ca

Can not renew root ca
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 Microsoft Applications Security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
Can not renew root ca Harrison Midkiff 02-18-2008
Posted by Harrison Midkiff on February 18, 2008, 11:27 am
If you were  Registered and logged in, you could reply and use other advanced thread options
Hello:

I have a Windows 2003 SP1 server running as a Stand Alone Root CA. Its
certificate is about to expire. Whether I choose "Renew Certificate with
New Key..." or "Renetw Certificate with Same Key..." I always get the same
error.

"You do not have permission to request a certificate based on the selected
certificate template"

My account is a member of the Enterprise Admins. I've Googled this, but
haven't found anything. Does anyone have any idea?

Harrison Midkiff



Posted by Saurav Sinha [MSFT] on February 18, 2008, 6:57 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
How are you reneweing the CA certificate? Please try using the CA snapin
certsrv.msc, right click on the CA node and under "All Tasks" action item
you will see the option to renew.
Thanks


Posted by Harrison Midkiff on February 19, 2008, 8:26 am
If you were  Registered and logged in, you could reply and use other advanced thread options
Saurav:

That got it! I was able to renew the cert. One more simple questions if I
could. I remember there was a way to deploy this certificate to
workstations so users don't have to download it. Do you recall how to do
that?

Harrison Midkiff



> How are you reneweing the CA certificate? Please try using the CA snapin
> certsrv.msc, right click on the CA node and under "All Tasks" action item
> you will see the option to renew.
> Thanks



Posted by Brian Komar on February 19, 2008, 8:42 am
If you were  Registered and logged in, you could reply and use other advanced thread options
The easiest is to have a member of enterprise admins run:
certutil -dspublish -f <rootca_certname.crt> RootCA
The certificate is then pushed to all domain and forest members as a trusted
root CA
Brian

> Saurav:
>
> That got it! I was able to renew the cert. One more simple questions if
> I could. I remember there was a way to deploy this certificate to
> workstations so users don't have to download it. Do you recall how to do
> that?
>
> Harrison Midkiff
>
>
>
>> How are you reneweing the CA certificate? Please try using the CA snapin
>> certsrv.msc, right click on the CA node and under "All Tasks" action item
>> you will see the option to renew.
>> Thanks
>
>


Posted by Harrison Midkiff on February 19, 2008, 10:29 am
If you were  Registered and logged in, you could reply and use other advanced thread options
Thanks I got the certificate out.


> The easiest is to have a member of enterprise admins run:
> certutil -dspublish -f <rootca_certname.crt> RootCA
> The certificate is then pushed to all domain and forest members as a
> trusted root CA
> Brian
>
>> Saurav:
>>
>> That got it! I was able to renew the cert. One more simple questions if
>> I could. I remember there was a way to deploy this certificate to
>> workstations so users don't have to download it. Do you recall how to do
>> that?
>>
>> Harrison Midkiff
>>
>>
>>
>>> How are you reneweing the CA certificate? Please try using the CA snapin
>>> certsrv.msc, right click on the CA node and under "All Tasks" action
>>> item you will see the option to renew.
>>> Thanks
>>
>>
>



Similar ThreadsPosted
Renew Subordinate CA certificate July 16, 2008, 8:21 pm
Clients no longer pick up the Root CA as a trusted root authority June 6, 2006, 6:59 pm
Convert Enterprise Root CA to Standalone Root CA and create new Subordinate CAs March 19, 2008, 1:45 am
Migrating from single enterprise root CA to different root CA May 11, 2007, 6:43 am
root ca December 1, 2005, 8:57 am
Root Ca on VM December 5, 2005, 10:23 am
Root CA on a VM December 13, 2007, 6:35 am
Root CA cannot publish to CRL December 19, 2005, 12:42 pm
Third-Party Root CA May 12, 2006, 1:57 pm
Root CA CRLs October 25, 2006, 1:35 pm

The site map in XML format XML site map

Contact Us | Privacy Policy