|
|
microsoft.public.security
Discussion complète de l'article :
Windows Server 2008 CA
|
Article :
96833
Date :
02-04-2008
From :
Yahya
Sujet :
Windows Server 2008 CA
Hi,
I have installed Windows Server 2008 Enterprise Root CA and Subordinate CA.
Windows Vista based PCs enroll certificate or IE on Windows Vista is capable
for web enrollement.
Windows XP (SP2) based PCs do not enroll certficate or IE (7.0 or 6.0) on
Windows XP is not capable for web enrollment.
IE (7.0 or 6.0) on Windows XP di not work on SSL web site by signed Windows
Server 2008 CA
Mozilla Firefox on Windows XP (SP2) is working on SSL web site by signed
Windows Server 2008 CA
--
YAHYA YAZICI
MCSE-M , MCSE-S, MCTS, MCT
Morten Bilgi ve Ýletiþim Hizmetleri Ltd. Þti
Web: www.btegitim.com
Ofis: +90 212 274 69 98
Fax: +90 212 267 46 25
E-mail: yahya@btegitim.com
Posez vos questions, réponses et remarques sur
les forums de AuthSecu
|
|
Article :
96842
Date :
03-04-2008
From :
Brian Komar \(MVP\)
Sujet :
Re: Windows Server 2008 CA
I am not sure what you are asking.
Web enrollment does typically work
First thing I do notice is that you should be using a Standalone Root CA
rather than an enterprise root CA.
You cannot take an enterprise root CA offline and there really is no sense
for a subordinate enterprise CA with an enterprise root CA.
- Do the Vista computer work for enrollment. For Vista, it is recommended to
use the Certmgr.msc console for all enroll,ment
- What about Windows XP.
Does IE work ( I do not think so, but do not have enough info to provide
you an answer)
Does certmgr.msc work
To me it sounds like you have certificate trust issues from the new CA
hierarchy
Brian
"Yahya" wrote in message
news:C32CA1D6-06B5-453E-A4E4-998C3E6D9C16@microsoft.com...
> Hi,
> I have installed Windows Server 2008 Enterprise Root CA and Subordinate
> CA.
> Windows Vista based PCs enroll certificate or IE on Windows Vista is
> capable
> for web enrollement.
>
> Windows XP (SP2) based PCs do not enroll certficate or IE (7.0 or 6.0) on
> Windows XP is not capable for web enrollment.
>
> IE (7.0 or 6.0) on Windows XP di not work on SSL web site by signed
> Windows
> Server 2008 CA
>
> Mozilla Firefox on Windows XP (SP2) is working on SSL web site by signed
> Windows Server 2008 CA
>
>
>
> --
> YAHYA YAZICI
> MCSE-M , MCSE-S, MCTS, MCT
>
> Morten Bilgi ve Ýletiþim Hizmetleri Ltd. Þti
> Web: www.btegitim.com
> Ofis: +90 212 274 69 98
> Fax: +90 212 267 46 25
>
> E-mail: yahya@btegitim.com
>
>
Posez vos questions, réponses et remarques sur
les forums de AuthSecu
|
|
Article :
96846
Date :
03-04-2008
From :
Yahya
Sujet :
Re: Windows Server 2008 CA
Windows xp does not work with windows server 2008 CA
I cannot install certificate using certmgr.msc and Auto Enrollment does not
work on Windows XP.
If I request certificate using certmgr.msc, I have a warning ;
---------------------------
Certificate Request Wizard
---------------------------
The wizard cannot be started because of one or more of the following
conditions:
- There are no trusted certification authorities (CAs) available.
- You do not have the permissions to request certificates from the
available CAs.
- The available CAs issue certificates for which you do not have
permissions.
---------------------------
OK
---------------------------
IE (6.0 - 7.0) on windows XP can not open SSL certificate signed by windows
server 2008 CA but Mozilla firework can.
Windows Vista is working without any problem.
Why does Windows XP work with windows server 2008 CA ?
What is the problem ?
--
YAHYA YAZICI
MCSE-M , MCSE-S, MCTS, MCT
Morten Bilgi ve Ýletiþim Hizmetleri Ltd. Þti
Web: www.btegitim.com
Ofis: +90 212 274 69 98
Fax: +90 212 267 46 25
E-mail: yahya@btegitim.com
"Brian Komar (MVP)" wrote in message
news:uBp9y%23RlIHA.1204@TK2MSFTNGP03.phx.gbl...
>I am not sure what you are asking.
> Web enrollment does typically work
> First thing I do notice is that you should be using a Standalone Root CA
> rather than an enterprise root CA.
> You cannot take an enterprise root CA offline and there really is no sense
> for a subordinate enterprise CA with an enterprise root CA.
> - Do the Vista computer work for enrollment. For Vista, it is recommended
> to use the Certmgr.msc console for all enroll,ment
> - What about Windows XP.
> Does IE work ( I do not think so, but do not have enough info to
> provide you an answer)
> Does certmgr.msc work
>
> To me it sounds like you have certificate trust issues from the new CA
> hierarchy
> Brian
>
> "Yahya" wrote in message
> news:C32CA1D6-06B5-453E-A4E4-998C3E6D9C16@microsoft.com...
>> Hi,
>> I have installed Windows Server 2008 Enterprise Root CA and Subordinate
>> CA.
>> Windows Vista based PCs enroll certificate or IE on Windows Vista is
>> capable
>> for web enrollement.
>>
>> Windows XP (SP2) based PCs do not enroll certficate or IE (7.0 or 6.0) on
>> Windows XP is not capable for web enrollment.
>>
>> IE (7.0 or 6.0) on Windows XP di not work on SSL web site by signed
>> Windows
>> Server 2008 CA
>>
>> Mozilla Firefox on Windows XP (SP2) is working on SSL web site by
>> signed
>> Windows Server 2008 CA
>>
>>
>>
>> --
>> YAHYA YAZICI
>> MCSE-M , MCSE-S, MCTS, MCT
>>
>> Morten Bilgi ve Ýletiþim Hizmetleri Ltd. Þti
>> Web: www.btegitim.com
>> Ofis: +90 212 274 69 98
>> Fax: +90 212 267 46 25
>>
>> E-mail: yahya@btegitim.com
>>
>>
>
Posez vos questions, réponses et remarques sur
les forums de AuthSecu
|
|
Article :
96847
Date :
03-04-2008
From :
Paul Adare
Sujet :
Re: Windows Server 2008 CA
On Thu, 3 Apr 2008 10:23:48 +0300, Yahya wrote:
> Windows xp does not work with windows server 2008 CA
It actually does.
>
> I cannot install certificate using certmgr.msc and Auto Enrollment does not
> work on Windows XP.
>
> If I request certificate using certmgr.msc, I have a warning ;
>
> ---------------------------
> Certificate Request Wizard
> ---------------------------
> The wizard cannot be started because of one or more of the following
> conditions:
> - There are no trusted certification authorities (CAs) available.
> - You do not have the permissions to request certificates from the
> available CAs.
> - The available CAs issue certificates for which you do not have
> permissions.
> ---------------------------
> OK
> ---------------------------
Is the XP system joined to the domain? Any errors in the event viewer on
the XP computer?
>
>
> IE (6.0 - 7.0) on windows XP can not open SSL certificate signed by windows
> server 2008 CA but Mozilla firework can.
What does this mean exactly that XP can't open an SSL certificate? Errors?
>
> Windows Vista is working without any problem.
>
> Why does Windows XP work with windows server 2008 CA ?
> What is the problem ?
There could be tons of reasons you're having these problems but without
more detail resolving them is going to be a challenge.
--
Paul Adare
http://www.identit.ca
LISP: To call a spade a thpade.
Posez vos questions, réponses et remarques sur
les forums de AuthSecu
|
|
Article :
96849
Date :
03-04-2008
From :
Yahya
Sujet :
Re: Windows Server 2008 CA
I have Installed four virtual machine
Server1 = Domain Controller
Server2 = EnterpriseSubordinate
Server3 = Enterprise Root CA (not instelled web enrollment)
Client1 = Windows XP Professional (SP2)
All servers are Windows Server 2008 Enterprise Editions.
domain name = yahya.local
On Default Domain Policy;
Under Computer Configuration > Policies > Windows Settings > Security
Settings > Publickey Policies
Certtifcate Services Client - Auto - Enrollment (enabled)
Also I imported Root and Intermediate Certifacates to ;
Under Computer Configuration > Policies > Windows Settings > Security
Settings > Publickey Policies > Trusted Root Certification Authorities
Under Computer Configuration > Policies > Windows Settings > Security
Settings > Publickey Policies > Intermediate Certification Authorities
Under Computer Configuration > Policies > Windows Settings > Security
Settings > Publickey Policies > Automatic Certificate Request Settings;
Computer,
Domain Controller,
Enrollment Agent
Under User Configuration > Policies > Windows Settings > Security Settings >
Publickey Policies >
Certtifcate Services Client - Auto - Enrollment (Enabled)
On windows XP ;
If I request certificate using certmgr.msc, I have a warning ;
---------------------------
Certificate Request Wizard
---------------------------
The wizard cannot be started because of one or more of the following
conditions:
- There are no trusted certification authorities (CAs) available.
- You do not have the permissions to request certificates from the
available CAs.
- The available CAs issue certificates for which you do not have
permissions.
---------------------------
OK
---------------------------
On windows Xp,
I opened IE 7.0 and wrote http://server2/certsrv to take a certifcate,
after certificate generated, I have pushed "Install Certficate" but not
installed
I have a error ;
---------------------------
Windows Internet Explorer
---------------------------
Unable to install the certificate:
Error: 0x80091002
---------------------------
OK
---------------------------
If I try to take a certificate using mozilla firefox, it is working
properly, install the certificate.
If i sign a website using windows server 2008 CA , I an not reach using IE
7.0 on windows XP, but mozilla is working.
What Sould I do ?
I I make a mistake, Where?
--
YAHYA YAZICI
MCSE-M , MCSE-S, MCTS, MCT
Morten Bilgi ve Ä°letiÅŸim Hizmetleri Ltd. Åžti
Web: www.btegitim.com
Ofis: +90 212 274 69 98
Fax: +90 212 267 46 25
E-mail: yahya@btegitim.com
"Paul Adare" wrote in message
news:jadvfkzjh8l0.1x8jhnhsan8py$.dlg@40tude.net...
> On Thu, 3 Apr 2008 10:23:48 +0300, Yahya wrote:
>
>> Windows xp does not work with windows server 2008 CA
>
> It actually does.
>
>>
>> I cannot install certificate using certmgr.msc and Auto Enrollment does
>> not
>> work on Windows XP.
>>
>> If I request certificate using certmgr.msc, I have a warning ;
>>
>> ---------------------------
>> Certificate Request Wizard
>> ---------------------------
>> The wizard cannot be started because of one or more of the following
>> conditions:
>> - There are no trusted certification authorities (CAs) available.
>> - You do not have the permissions to request certificates from the
>> available CAs.
>> - The available CAs issue certificates for which you do not have
>> permissions.
>> ---------------------------
>> OK
>> ---------------------------
>
> Is the XP system joined to the domain? Any errors in the event viewer on
> the XP computer?
>
>>
>>
>> IE (6.0 - 7.0) on windows XP can not open SSL certificate signed by
>> windows
>> server 2008 CA but Mozilla firework can.
>
> What does this mean exactly that XP can't open an SSL certificate? Errors?
>
>>
>> Windows Vista is working without any problem.
>>
>> Why does Windows XP work with windows server 2008 CA ?
>> What is the problem ?
>
> There could be tons of reasons you're having these problems but without
> more detail resolving them is going to be a challenge.
>
> --
> Paul Adare
> http://www.identit.ca
> LISP: To call a spade a thpade.
Posez vos questions, réponses et remarques sur
les forums de AuthSecu
|
|
|