Certificate types are not available
-
Friday, February 08, 2013 11:20 AM
Hello everyone,
I am sorry for my bad English.
My CA is on Windows Server 2008 R2 and is a domain controller also. Clients are Windows 7. All clients connected to DC.The Certificate Authority is an Enterprise CA. When i try request for certificate on the client computer mmc>certificates>personal > task >
Certificate types are not available - When creating computer certificate. It may also be that my installed CA is not allowing generation of "Computer" certificate types. Please help me...
- Edited by Hiki1985 Friday, February 08, 2013 11:22 AM
- Edited by Hiki1985 Friday, February 08, 2013 11:26 AM
- Edited by Hiki1985 Friday, February 08, 2013 11:27 AM
- Edited by Hiki1985 Friday, February 08, 2013 11:36 AM
- Edited by Hiki1985 Friday, February 08, 2013 11:37 AM
- Edited by Hiki1985 Friday, February 08, 2013 2:38 PM
- Edited by Hiki1985 Friday, February 08, 2013 2:38 PM
All Replies
-
Monday, February 11, 2013 1:43 PM
Is your 2008 R2 DC an enterprise or standard version of Windows ?
Be sure that your account/computer account has the correct persmissions on the certificate template.
Johan Loos CISSP,MCT,ISO 27001 and others
-
Monday, February 11, 2013 2:54 PM
Hi Johan ,
Thank you for answer.
Yes , my 2008R2 DC is Stansart version. On the certificate templates has read, enroll and autoenroll permission for domain computers.
-
Monday, February 11, 2013 3:42 PM
Seems to be that you are trying to enroll for a version 1 certificate for your computer certificate.
Look at the following link:
http://technet.microsoft.com/en-us/library/cc772393.aspx (requirements for using AD CS)
Here is a comparison between Win 2008 std and enterprise edition.
Johan Loos CISSP,MCT,ISO 27001 and others
-
Monday, February 11, 2013 6:04 PM
Hello Johan,
In my case : I have one Application server and i must logon here from domain users computers by https protocol.Root CA, Web Enrollment and Online responder services both in one server.AD CS server os Windows Server 2008 R2 Sp1. I put Root certificate and one certificate for App server request on the Application server by web server templates. But i dont know which certificate template should be configure for App server and domain users? Look at the picture pls. Why test and test1 users receives different type certificate? Which certificate template should be receive? Thank You very much.
-
Tuesday, February 12, 2013 4:06 AM
Hi -
Users should only be generating requests for 'User Certificates' and machines should be getting 'Computer', 'Web Server' or 'Domain Controller' by default. If you use the IIS snap-in, that is hard-coded to request the 'Web Server' certificate. As for why the different users are getting different certificates, that has to do with how they are requested. VMAS1\test and VMAS1\test1 are the requestors, but they can request potentially different certificates. You would have to describe your process a little so that we can help with the root cause.
~fr3dd
fr3dd
-
Tuesday, February 12, 2013 6:18 AM
Hi ,
On the Certificate Templates i have Web server , OCSP Response , Adminitrator, User, DOmain Controller Authentication , User Certificates , DOmain controller, Computer templates which on security tab has read , enroll, autoenroll permissions for Domain Users , Domain Computers. But i don't know which certificate should be receive on client side.
-
Tuesday, February 12, 2013 7:48 AM
I agree with with fr3dd.
If your application server is an IIS, you can request a web server certificate. If your users needs to authenticate using a certificate, they need a user certificate.
Can you give more details on what you want to accomplish
Johan Loos CISSP,MCT,ISO 27001 and others
-
Tuesday, February 12, 2013 7:54 AMMy Web server is GlassFish. I gave certificate to GlassFish from Web server Template. But domain users receives different certificate. Can i delete dublicated templates from Certiface templates exept Web server and User Certicate?
-
Tuesday, February 12, 2013 8:11 AM
Yes, you can remove them from the CA or you can change the permissions on the security template, so that only web servers and not domain users receive a certifificate.
Why should users need to receive a certificate from the web server template ?
Johan Loos CISSP,MCT,ISO 27001 and others
-
Tuesday, February 12, 2013 8:18 AM
Why should users need to receive a certificate from the web server template ?
Which template should be receive? I am new in this sphere.
-
Tuesday, February 12, 2013 9:52 AMwhy do your users need a certificate ?
Johan Loos
-
Tuesday, February 12, 2013 10:51 AMI need two way ssl connection. Web server must be check users certificate , users musb be check Server certificate.
-
Tuesday, February 12, 2013 11:55 AM The users will always check the validity of the server certificate. If you have an application that requires user authentication via a certificate then you need a user certificate. You can use the user certificate template for this purpose
Johan Loos
- Marked As Answer by Hiki1985 Tuesday, February 12, 2013 12:20 PM
.png)
