Posted by JG on June 6, 2006, 6:59 pm
Hi
I have an offline root CA running on Windows 2003 SP1 Standard and 2
issuing enterprise CAs running Windows 2003 SP1 Enterprise which are
part of our company domain (2000 with 2003 schema extensions).
I went through the standard procedure of publishing the offline root
certificate into Active Directory / it's also available from an online
web page, as is the CRL.
Looking in ADSI Edit I can see the CDP and AIA entries for my offline root
server and issuing CA as I would expect.
When a new client PC is added to the domain it should get our company
root certificate added to its trusted root authority list. This did
work for the first few months after the certificate hierarchy was
installed but now does not seem to work.
Any ideas why a root certificate would no longer auto publish to a
machine in the domain?
I read a Microsoft article about how, if you disallow authenticated users
from a certificate template, this can cause problems for certificate
requests (resolution is to add the CA machine account with permissions)
- doesn't seem relevant as I'm not issuing a cert to the client, so doesn't
seem relevant.