|
Posted by =?Utf-8?B?REpI?= on December 4, 2007, 11:18 pm
If you were Registered and logged in, you could reply and use other advanced thread options
Found it!
Permissions on the local certificate store were incorrect. for some reason
administrators only had read!
Local certificate store location:
C:\Documents and Settings\All Users\Application
Data\Microsoft\Crypto\RSA\MachineKeys
"DJH" wrote:
> Hey,
>
> We have an internal PKI utilising an offlint root and policy server, and an
> AD integrated enterprise issuing server. We've distributed our root
> certificate via a GPO to all workstations/servers in AD.
>
> We have a number of certifcate templates for SSL certs. We permission these
> with Role groups to define who can request and modify the certs.
>
> We have one problematic box, when requesting a certificate via
> servername\certsrv we get a permission denied error:
>
> "An error occurred while creating the certificate request. Please verify
> that your CSP supports any settings you have made and that your input is
> valid.
> Suggested cause:
> You do not have write permission to save the file to the path
> Error: 0x00000046 - Permission Denied"
>
> The request is for a generic SSL certificate so that a secure channel can be
> used to communicate between 2 boxes. The certificate request never reaches
> the enterprise issuing server (no record of failed request). The error
> message indicates a permission issue, but the way we permission the templates
> is such that you wont see the cert via the web interface if your not a member
> of the group which can request this certificate type. The user requesting the
> certificate is a member of builtin\administrators of the box requesting the
> certificate.
>
> Anyone have any suggestions?
| 
XML site map