Microsoft Certificate Authority - "You have a private key that corresponds to this certificate." is missing on all certificates except one.

Asked by andrewjohnblackey in Windows Network Security, Miscellaneous Security, Active Directory

Tags: Microsoft CA, Microsoft Security, PKI, Domain Controllers, IAS

Hi,

I am trying to create a computer certificate to be installed on an IAS (Microsoft Internet Authentication Service) server.

VPN client cannot connect using PEAP and I have been told that it may be because the certificates installed do not have a private key associated.

According to:

http://technet.microsoft.com/en-us/library/cc728239(WS.10).aspx

Certificates on the Authenticating Servers
For the computer certificates installed on the authenticating servers (either the VPN servers or the IAS servers), the following must be true:
  • They must be installed in the Local Computer certificate store.
  • They must have a corresponding private key.

And also according to:

http://technet.microsoft.com/ru-ru/library/cc755923(WS.10).aspx

To verify that the computer certificate for the IAS server meets all requirements
1. From the Certificates console, double-click the certificate to open it.
2. On the General tab, confirm that "You have a private key that corresponds to this certificate" appears.
3. On the Details tab, under Field, click Enhanced Key Usage, and then confirm that there is an object identifier for Server Authentication (1.3.6.1.5.5.7.3.1).
4. On the Details tab, under Field, click Subject Alternative Name, and then confirm that the fully qualified domain name (FQDN) of the computer account for the IAS server (for example, DNS Name=IASServerName.TestDomainName.com) appears.
5. On the Certification Path tab, confirm that a valid certification path appears and that the statement "This certificate is OK" appears.


The only certificate that has this private key that corresponds to it is one that was issued by a stand-alone Microsoft certification authority in the DMZ on September 12.
Unfortunately, that certificate that has the private key also has an empty subject field and that makes it invisible for the IAS server Protected EAP Properties window.
Since I am a beginner with CAs, I thought that I should install an Enterprise Root CA to make the certificate visible to the IAS server (I did not realize that the missing subject field may be the cause).

So later I tried to install an Enterprise Root CA, and none of the certificates issued by this new CA have the "You have a private key that corresponds to this certificate." message on the General tab of the certificates, regardless of the certificate template chosen.


Any help in understanding why all the certificates issued by this Enterprise Root CA are missing this private key would be appreciated.

Thank you.
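
The checks quoted in the question (private key, Server Authentication EKU, FQDN in the Subject Alternative Name, valid chain) plus the empty-subject condition the asker describes can be run against every certificate in the Local Computer store at once. This is an added example, not part of the original post or the TechNet articles; it assumes PowerShell 3.0 or later run on the IAS server, and the way `$fqdn` is derived is an assumption.

```powershell
# Added example: audit Local Computer certificates against the quoted IAS requirements.
$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU (from the quoted steps)
$sanOid        = '2.5.29.17'           # Subject Alternative Name extension OID

# Assumption: the FQDN of this server's computer account resolves through local DNS.
$fqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName

Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_

    # Step 3: Enhanced Key Usage must list Server Authentication.
    $eku = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $hasServerAuth = $false
    if ($eku) {
        $hasServerAuth = @($eku.EnhancedKeyUsages |
            Where-Object { $_.Value -eq $serverAuthOid }).Count -gt 0
    }

    # Step 4: Subject Alternative Name must contain the server FQDN.
    $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq $sanOid }
    $sanText = ''
    if ($san) { $sanText = $san.Format($false) }   # e.g. "DNS Name=host.domain"
    $sanHasFqdn = $sanText -match [regex]::Escape($fqdn)

    # Step 5: the certification path must build to a trusted root.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chainOk = $chain.Build($cert)

    [pscustomobject]@{
        Thumbprint    = $cert.Thumbprint
        Issuer        = $cert.Issuer
        SubjectEmpty  = [string]::IsNullOrEmpty($cert.Subject)  # empty subject, as in the post
        HasPrivateKey = $cert.HasPrivateKey                     # step 2
        ServerAuthEku = $hasServerAuth
        SanHasFqdn    = $sanHasFqdn
        ChainValid    = $chainOk
    }
} | Format-Table -AutoSize
```

A certificate usable for PEAP on the IAS server should show `HasPrivateKey`, `ServerAuthEku`, `SanHasFqdn` and `ChainValid` as True and `SubjectEmpty` as False.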

09/24/09 05:34 AM, ID: 25412551, Accepted Solution

Solution Provided By: andrewjohnblackey
Participating Experts: 0
Solution Grade: A
 