Windows Server TechCenter >
Windows Server Forums
>
Security
>
Can't request cert on client from a WIndows 2008 CA.
Can't request cert on client from a WIndows 2008 CA.
- Hi everyone.
I have set up a CA on one of our Windows 2008 Standard DC computers, and as far as I can see, everything seems to be functional as expected. How ever, when on a client computer, if you run the MMC with the "Certificates" snap-in and in the "Personal" store tro to "Request new certificate..." you will first get the message "You cannot request a certificate at this time because no certificate types are available. If you need a certificate, please contact your administrator."
If you on the same screen in the wizard place a checkmark in the "Show all templates" box, you will get a list of all the certificates. And I guess that the publishing of templates to the AD works since there is a duplicated template that I made just to check that is named "Copy of User". But all the templates are greyed out and cannot be selected. If you look at the "User" template, it will say:
"The requested certificate template is not supported by this CA. A valid CA configured to issue certificates based on this template cannot be located, or the CA is not trusted."
Is this a limitation since I'm running the CA on a Standard Edition server, or is there something missing in the configuration? The CA's certificate is valid, and if I create a website on our internal webserver and add a certificate issued from the internal CA it is trusted by the clients so as I said before, this and if I check all the eventlogs and such the CA seems to work.....sort of.
All pointers ar very much appriciated!
Best reagrds,
Johan Christensson
Answers
- Server 2008 Standard Edition only supports V1 certificate templates. You either need to use 2008 Enterprise Edition or use Server 2008 R2 Standard or Enterprise to issue V2 certificate templates.
Paul Adare CTO IdentIT Inc. ILM MVP- Marked As Answer byMervyn ZhangMSFT, ModeratorFriday, November 13, 2009 3:19 AM
- > So, to get this to work, I have to either be running 2008 Enterprice of 2008 R2 Standard/Enterprise.
> Is this also true for Web Enrollment?
sure.
> We are running our servers under SPLA licensing so upgrading to enterprise is not an option right now, and R2 requires to be running on a x64 platform and > the VM-ware machine that is running the machine dosen't support x64.....of course!
note that Windows Server 2003 Enterprise can issue certificates based on V2 template versions too.
http://www.sysadmins.lv- Marked As Answer byMervyn ZhangMSFT, ModeratorFriday, November 13, 2009 3:19 AM
All Replies
- Server 2008 Standard Edition only supports V1 certificate templates. You either need to use 2008 Enterprise Edition or use Server 2008 R2 Standard or Enterprise to issue V2 certificate templates.
Paul Adare CTO IdentIT Inc. ILM MVP- Marked As Answer byMervyn ZhangMSFT, ModeratorFriday, November 13, 2009 3:19 AM
- Thank you Paul fot the quick reply.
So, to get this to work, I have to either be running 2008 Enterprice of 2008 R2 Standard/Enterprise.
Is this also true for Web Enrollment?
We are running our servers under SPLA licensing so upgrading to enterprise is not an option right now, and R2 requires to be running on a x64 platform and the VM-ware machine that is running the machine dosen't support x64.....of course!
Best regards,
Johan Christensson - > So, to get this to work, I have to either be running 2008 Enterprice of 2008 R2 Standard/Enterprise.
> Is this also true for Web Enrollment?
sure.
> We are running our servers under SPLA licensing so upgrading to enterprise is not an option right now, and R2 requires to be running on a x64 platform and > the VM-ware machine that is running the machine dosen't support x64.....of course!
note that Windows Server 2003 Enterprise can issue certificates based on V2 template versions too.
http://www.sysadmins.lv- Marked As Answer byMervyn ZhangMSFT, ModeratorFriday, November 13, 2009 3:19 AM
