Wednesday, December 12, 2012 6:01 PM
I have a W2K3 R2 Standard Edition server with an Enterprise CA, and it is an AD domain controller.
I have added the IPSEC template to the templates to be issued in the CA and have set the permissions to Full Control for the administrator and domain admins.
Restarted the certificate services and IIS, and still IPSEC isn't showing in the drop down for certificate templates in the web enrollment.
I'm also using the IE 6.0 on the server for web admin.
My environment is closed in a lab and has no access to the internet.
What am I doing wrong?
Thursday, December 13, 2012 3:44 PM
There are two IPSec templates. The one named "Offline Request" can be used together with the web enrollment because it supports supplying the subject name in the request. The other IPSec template is configured to use Active Directory to supply the subject name, and the template is targeting computer or machine accounts, making it impossible to use in the web enrollment to enroll a "user" certificate.
- Edited by Hasain Alshakarti, MVP, Thursday, December 13, 2012 3:45 PM
Tuesday, December 18, 2012 6:39 PM
Thanks for the reply.
I figured out a way for the IPSEC Intermediate Offline template to be used for my purposes; all I needed was to have the IPSEC Security Tunnel Endpoint OID 220.127.116.11.18.104.22.168.6 in the template.
What I did was I used ADSIEdit.msc to edit the IPSEC Intermediate Offline template and added the IPSEC Security Tunnel Endpoint OID.
Then in the Web Enrollment I used the IPSEC Intermediate Offline template and the device certificate authenticates properly.
Tuesday, December 18, 2012 11:52 PM
Although this worked out for you, I would be careful using this method, as it is not supported to "edit" the v1 templates except for security ACLs.
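
Added example (not part of any post in this thread): a read-only way to spot the kind of template edit discussed above, by comparing the `pKIExtendedKeyUsage` values in an LDIF export of the Certificate Templates container against a baseline recorded beforehand. The export text, the domain name and the baseline are constructed for illustration; the two OIDs are the standard IKE-intermediate and ipsecTunnel EKU identifiers, used here only as sample values.

```python
# Constructed sample of an LDIF export (e.g. from ldifde) of the
# Certificate Templates container. DNs and values are illustrative only.
SAMPLE_LDIF = """\
dn: CN=IPSECIntermediateOffline,CN=Certificate Templates,DC=lab,DC=example
cn: IPSECIntermediateOffline
pKIExtendedKeyUsage: 1.3.6.1.5.5.8.2.2
pKIExtendedKeyUsage: 1.3.6.1.5.5.7.3.6

dn: CN=IPSECIntermediateOnline,CN=Certificate Templates,DC=lab,DC=example
cn: IPSECIntermediateOnline
pKIExtendedKeyUsage: 1.3.6.1.5.5.8.2.2
"""

# Assumption: EKU sets recorded from your own CA before any change was made.
BASELINE = {
    "IPSECIntermediateOffline": {"1.3.6.1.5.5.8.2.2"},
    "IPSECIntermediateOnline": {"1.3.6.1.5.5.8.2.2"},
}

def parse_templates(ldif_text):
    """Return {template cn: set of EKU OIDs} from LDIF text.

    Folded (space-prefixed) and base64 ("::") lines are ignored, which is
    safe here because cn and OID values are short plain strings.
    """
    templates, cn, ekus = {}, None, set()
    for line in ldif_text.splitlines() + [""]:  # trailing "" flushes last record
        if not line.strip():
            if cn:
                templates[cn] = ekus
            cn, ekus = None, set()
            continue
        attr, _, value = line.partition(":")
        if attr.lower() == "cn":
            cn = value.strip()
        elif attr.lower() == "pkiextendedkeyusage":
            ekus.add(value.strip())
    return templates

def eku_drift(current, baseline):
    """Return {template: (added OIDs, removed OIDs)} where EKUs differ."""
    drift = {}
    for name, expected in baseline.items():
        actual = current.get(name, set())
        if actual != expected:
            drift[name] = (sorted(actual - expected), sorted(expected - actual))
    return drift

if __name__ == "__main__":
    for name, (added, removed) in eku_drift(parse_templates(SAMPLE_LDIF), BASELINE).items():
        print(f"{name}: added={added} removed={removed}")
```
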