|
Posted by shudman on December 15, 2006, 5:02 pm
If you were Registered and logged in, you could reply and use other advanced thread options
All servers and DCs are Windows 2003 SP1.
The commands I am running are :
certutil -dspublish -f c:\rootca.crt RootCA
certutil -dspublish -f c:\rootca.crl
These are obviously done from a Ent Subordinate CA, which has connectivity
to the AD. Re-running these, actually states that is it is already
published (only cuz I tried again!).
Stuart
> says...
>
>> I have read as many articles/KB that I can and would like some
>> clarification
>> if anyone can,
>> PLEASE!!.
>>
>> We have a standalone RootCA, with Enterprise issuing CAs. We have ran
>> DSpublish for the RootCA into the AD, but clients do not get entries
>> added
>> to
>> their trusted store.
>
> What OS is running on your domain controllers? If you're running
> Windows Server 2003 then you should be publishing the root
> certificate with certutil and not dspublish.
>
>
>> From what I understand, and read many times, is things
>> like: "When you install an enterprise root CA or a stand-alone root CA,
>> the
>> certificate of the CA is added automatically to the Trusted Root
>> Certification Authorities Group Policy for the domain.". Well, if this is
>> a
>> standalone Root, how the heck does it put it into a GPO ? Another
>> article
>> states, that if the client is a domain member, then they will
>> automatically
>> receive the CAs in the trusted store....but negates to say how.
>>
>> So...in a complete Microsoft world (RootCA, SubEntCAs and clients)...how
>> does the trusted store get populated on a client ? Do you need a GPO or
>> not
>> ? Is it a sub-process of auto-enrollment ?
>
> If the standalone certificate is _properly_ published to the the
> directory then Group Policy will ensure that is installed on all
> Windows clients in the forest. Note that Group Policy is the
> publishing mechanism, there's no need to create a specific GPO
> to do this.
>
>
> --
> Paul Adare - MVP Virtual Machines
> Waiting for a bus is about as thrilling as fishing,
> with the similar tantalisation that something,
> sometime, somehow, will turn up. George Courtauld
>
| 
XML site map