|
Posted by =?Utf-8?B?RWxp?= on May 13, 2008, 1:48 am
If you were Registered and logged in, you could reply and use other advanced thread options
Windows 2008
I’m trying to create a certificate by following directions from here:
http://technet.microsoft.com/en-us/library/bb694035.aspx#BKMK_siteserver
Creating and Issuing the Site Server Signing Certificate Template on the
Certification Authority
On #15, I ran into problem, my server is standard edition; I did an upgrade
to enterprise over standard (without reinstalling OS)
#15 In the Enable Certificate Templates dialog box, select the new template
you have just created, ConfigMgr Site Server Signing Certificate, and then
click OK.
I don’t see the certificate template that I just created even after
upgrading to enterprise and redoing the template.
Any ideas/suggestions?
|
|
Posted by Miles Li [MSFT] on May 13, 2008, 7:03 am
If you were Registered and logged in, you could reply and use other advanced thread options
Hello,
Thanks for your post.
I'd like to know whether you receive the error message such as "The
template information on the CA cannot be modified at this time". If yes,
please verify the security on the certificate template whether the
Authenticated users has the READ permission on the template. If it is
absent, try to manually add this ACE and check how it works.
Hope it helps.
Sincerely,
Miles Li
Microsoft Online Partner Support
Microsoft Global Technical Support Center
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
|
|
Posted by =?Utf-8?B?RWxp?= on May 13, 2008, 10:51 am
If you were Registered and logged in, you could reply and use other advanced thread options
in the list.
I do a right click on “certificate templates” then new “certificate
template
to issue
According to the manual, I have to see the template that I created, but it’s
not there.
I found one reason that I had “standard” version of windows, I did an
upgrade to enterprise.
Same thing, I then deleted it and recreated. Same thing, its’ not appearing.
"Miles Li [MSFT]" wrote:
> Hello,
>
> Thanks for your post.
>
> I'd like to know whether you receive the error message such as "The
> template information on the CA cannot be modified at this time". If yes,
> please verify the security on the certificate template whether the
> Authenticated users has the READ permission on the template. If it is
> absent, try to manually add this ACE and check how it works.
>
> Hope it helps.
>
>
> Sincerely,
> Miles Li
>
> Microsoft Online Partner Support
> Microsoft Global Technical Support Center
>
> Get Secure! - www.microsoft.com/security
> =====================================================
> When responding to posts, please "Reply to Group" via your newsreader so
> that others may learn and benefit from your issue.
> =====================================================
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
>
|
|
Posted by =?Utf-8?B?RWxp?= on May 14, 2008, 6:21 pm
If you were Registered and logged in, you could reply and use other advanced thread options
It does appear now and I can enable it.
Now I have the problem with the second part:
At these link:
http://technet.microsoft.com/en-us/library/bb694035.aspx#BKMK_siteserver
At this section “Requesting the Site Server Signing Certificate for the
Server That Will Run the Configuration Manager 2007 Site Server
To request the site server signing certificate: “
#5 advanced certificate request—there is no template that I made in
enterprise.
My steps are:
http://server/certsrv
Request a certificate, then advanced certificate, then create and submit a
request to this CA.
When I click on that link, I get
“In order to complete certificate enrollment, the website for the CA must be
configured to use HTTPS authentication.”
I click OK, and then look in the certificate template, and I don’t’ see it
again.
"Miles Li [MSFT]" wrote:
> Hello,
>
> Thanks for your post.
>
> I'd like to know whether you receive the error message such as "The
> template information on the CA cannot be modified at this time". If yes,
> please verify the security on the certificate template whether the
> Authenticated users has the READ permission on the template. If it is
> absent, try to manually add this ACE and check how it works.
>
> Hope it helps.
>
>
> Sincerely,
> Miles Li
>
> Microsoft Online Partner Support
> Microsoft Global Technical Support Center
>
> Get Secure! - www.microsoft.com/security
> =====================================================
> When responding to posts, please "Reply to Group" via your newsreader so
> that others may learn and benefit from your issue.
> =====================================================
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
>
|
|
Posted by Miles Li [MSFT] on May 15, 2008, 11:25 pm
If you were Registered and logged in, you could reply and use other advanced thread options
Hello,
I am sorry that I have made a lapse in my previous reply.
From my understanding, you have enabled the signing certificate template
(you can view the enabled template in the CA MMC Certificate Template),
However, when you want to enroll a certificate via web enrollment you can't
find that specific template in the list. Please feel free to correct me if
there is any misunderstandings.
Please check the security on that template according to the following step:
1. Run "certtmpl.msc" in the commend prompt to open template manager.
2. Right click the signing certificate template--->properties--->Security.
Check whether the user account that perform the web enrollment request on
the member server has both READ and ENROLL permission.
Note: By default, Domain admins and Enterprise admins groups have the both
READ and ENROLL permission. This means if you submit the request by a
non-admin user account (standard user account) the template will not shown
in the list for the user has no ENROLL permission. (by default, the
Authenticated Users have the READ permission that is inherited from the
Computer Template)
Meanwhile, please also note that you may experience latency before the
template list gets updated.
281260 A Certificate Request That Uses a New Template Is
Unsuccessful
http://support.microsoft.com/default.aspx?scid=kb;EN-US;281260
Hope it helps.
Sincerely,
Miles Li
Microsoft Online Partner Support
Microsoft Global Technical Support Center
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
|
| Similar Threads | Posted | | Problem with creating site server signing certificate template | May 15, 2008, 2:43 pm |
| Creating Certificate for a wireless projector | February 8, 2008, 7:12 am |
| Issuing Code-signing Certificate with Private Key | December 27, 2007, 11:41 am |
| Certification Authority cannot use certificate template | June 12, 2007, 11:44 am |
| Digital Certificate for Outlook 2007 Email encryption and signing | October 9, 2007, 7:33 pm |
| Web enrollment, only web server template | December 5, 2007, 9:41 am |
| Issue with enterprise internal Authenticode code signing certificate More options | April 3, 2007, 8:41 am |
| Web Site Certificate | October 8, 2005, 10:53 pm |
| how to get a web site certificate through my stand alone CA | December 6, 2005, 6:03 am |
| Necessity for Certificate Services Web Site | October 16, 2006, 3:47 pm |
|
XML site map