standalone CA - cannot use browser to install certs

standalone CA - cannot use browser to install certs
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 Microsoft Applications Security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
standalone CA - cannot use browser to install certs Kristin Griffin 02-01-2008
Posted by Kristin Griffin on February 1, 2008, 3:41 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
Hi there.

I have a test lab running - it looks like this:

IPSECCA1 = the Root CA, standalone, in a workgroup called WORKGROUP

IPSECCPC1 and IPSECPC2 vista clients, in WORKGROUP

IPSECCA1 is a root CA, running 2008 AD CS, standalone, with web enrollment
installed. I can request certs, and then go to the cert authority on
IPSECCA1, and issue the certs.
Then my clients go to the website, and download the certs, and click the
install button. They say they get installed but they do not. I have to
download them to the local machine and double click them to install them. I
have noticed that the file location is missing when it does not work using
the web site to install the cert.

Anyone have an idea on why this is not working quite right?

Thanks!
Kristin



Posted by Brian Komar on February 2, 2008, 5:19 am
If you were  Registered and logged in, you could reply and use other advanced thread options
Is the root CA (IPSECCA1) a trusted root CA on the clients?
Brian
> Hi there.
>
> I have a test lab running - it looks like this:
>
> IPSECCA1 = the Root CA, standalone, in a workgroup called WORKGROUP
>
> IPSECCPC1 and IPSECPC2 vista clients, in WORKGROUP
>
> IPSECCA1 is a root CA, running 2008 AD CS, standalone, with web enrollment
> installed. I can request certs, and then go to the cert authority on
> IPSECCA1, and issue the certs.
> Then my clients go to the website, and download the certs, and click the
> install button. They say they get installed but they do not. I have to
> download them to the local machine and double click them to install them.
> I have noticed that the file location is missing when it does not work
> using the web site to install the cert.
>
> Anyone have an idea on why this is not working quite right?
>
> Thanks!
> Kristin
>


Posted by Kristin Griffin on February 4, 2008, 12:56 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
yes, the root CA's certificate is stored in the certificate store (both user
and computer store).

> Is the root CA (IPSECCA1) a trusted root CA on the clients?
> Brian
>> Hi there.
>>
>> I have a test lab running - it looks like this:
>>
>> IPSECCA1 = the Root CA, standalone, in a workgroup called WORKGROUP
>>
>> IPSECCPC1 and IPSECPC2 vista clients, in WORKGROUP
>>
>> IPSECCA1 is a root CA, running 2008 AD CS, standalone, with web
>> enrollment installed. I can request certs, and then go to the cert
>> authority on IPSECCA1, and issue the certs.
>> Then my clients go to the website, and download the certs, and click the
>> install button. They say they get installed but they do not. I have to
>> download them to the local machine and double click them to install them.
>> I have noticed that the file location is missing when it does not work
>> using the web site to install the cert.
>>
>> Anyone have an idea on why this is not working quite right?
>>
>> Thanks!
>> Kristin
>>
>



Similar ThreadsPosted
Standalone Root- Standalone Sub September 13, 2005, 3:43 pm
Standalone CA's and CRL August 27, 2008, 9:10 pm
Standalone/ Enterprise CA issue October 18, 2005, 2:52 am
Restricted groups in a standalone computer October 17, 2006, 12:45 pm
PKI Cert for a website on a standalone server. September 24, 2007, 2:46 pm
Smart Card Authenticatyion to standalone PC January 10, 2008, 7:27 am
Standalone vs Enterprise root CA security. April 8, 2008, 8:13 pm
Is Browser using Localhost OK ? July 27, 2005, 11:57 am
Browser being hijacked? February 21, 2007, 7:03 am
Browser Hijack? February 21, 2007, 9:10 am

The site map in XML format XML site map

Contact Us | Privacy Policy