locked
Cert question RRS feed

  • Question

  • I'm setting up Directaccess. Our CA is running on Server 2008 Standard. Because of this I'm unable to use custom cert templates. Is there a workaround for this? Thanks -MIKE-
    Friday, August 20, 2010 5:18 PM

Answers

  • Hi,

     

    Thanks for your clarification.

     

    According to the requirement of DirectAccess http://technet.microsoft.com/en-us/library/dd637797(WS.10).aspx. The built-in Computer certificate template should meet the requirement. It is a version 1 certificate template and therefore can be issued by a standard edition server.

     

    Thanks.


    This posting is provided "AS IS" with no warranties, and confers no rights. Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    • Marked as answer by Joson Zhou Monday, August 30, 2010 12:57 AM
    Tuesday, August 24, 2010 3:38 AM
  • Hi,

    Please use the standard Web Server certificate without duplicating it and customizing the request handling tab. Follow all the other steps, such as configuring autoenrollment, etc. The main requirement here is that the certificate contain the server authentication EKU.

    I've been in discussion with the product group internally and they indicate the Web Server certificate will work without customization. The only limitation here is that you cannot add NAP integration on top of DA without customizing a certificate template.

    Also note that in Server 2008 R2 you can actually customize certificate templates using the Standard version of Windows Server.

    -Greg

    Tuesday, August 24, 2010 9:47 PM

All replies

  • Hi,

    Sorry but you cannot deploy custom templates with Standard edition. Enterprise edition is required for this.

    -Greg

    Sunday, August 22, 2010 2:35 AM
  • Hi,

    For more information, please see http://technet.microsoft.com/en-us/library/cc731429.aspx#BKMK_9

    Thanks.


    This posting is provided "AS IS" with no warranties, and confers no rights. Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Monday, August 23, 2010 5:38 AM
  • Yes, I'm already aware that you cannot use custom certs when CA is installed on Standard Server. My question was... is there a workaround for creating the necessarry certs for DirectAccess utalizing the CA I currently have?
    Monday, August 23, 2010 11:57 AM
  • Hi,

     

    Thanks for your clarification.

     

    According to the requirement of DirectAccess http://technet.microsoft.com/en-us/library/dd637797(WS.10).aspx. The built-in Computer certificate template should meet the requirement. It is a version 1 certificate template and therefore can be issued by a standard edition server.

     

    Thanks.


    This posting is provided "AS IS" with no warranties, and confers no rights. Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    • Marked as answer by Joson Zhou Monday, August 30, 2010 12:57 AM
    Tuesday, August 24, 2010 3:38 AM
  • Great! Any idea how to do this since I can no longer follow the step-by-step instructions for DirectAccess? I kind of figured the Certs would be my biggest stumbaling block. It's the area I have very little experience with. Other than the certs, my prep work for DA is just about finished. =Thanks=
    Tuesday, August 24, 2010 4:54 PM
  • Hi,

    Please use the standard Web Server certificate without duplicating it and customizing the request handling tab. Follow all the other steps, such as configuring autoenrollment, etc. The main requirement here is that the certificate contain the server authentication EKU.

    I've been in discussion with the product group internally and they indicate the Web Server certificate will work without customization. The only limitation here is that you cannot add NAP integration on top of DA without customizing a certificate template.

    Also note that in Server 2008 R2 you can actually customize certificate templates using the Standard version of Windows Server.

    -Greg

    Tuesday, August 24, 2010 9:47 PM
  • Hi,

    How's everything going?

    I'd like to check if the suggestion has helped. If you need further assistance, please feel free to respond back.

    Thanks.


    This posting is provided "AS IS" with no warranties, and confers no rights. Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Friday, August 27, 2010 3:00 AM
  • Your solution worked great! Much appreciation for your help. =Mike=

    Friday, August 27, 2010 11:23 AM