Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Certificate authority web enrollement problem

Posted on 2010-09-08
5
Medium Priority
?
1,200 Views
Last Modified: 2013-12-08
Hello..

I am using windows 2008 server and I am trying to use web certificate enrollment option, but it dose not work.

I am trying to generate  certificates for smart card log-in for some users, while using web enrollment. I am using Safe Sign as CSP.

If i do enrollment on behalf of some user while using MMC snapin for certificates the thing is working well, users can log in with no problem using there cards and pin number. Smart card contains everything (identity ,cert .. ) that it should
.. but if i do enrollment in IE (web enrollment), all i get writen on smart card is "unknown" (identity, cert, key ..)

Strange thing is, when you look at issued certificates under AD users and computers , the certificate is there.. everitjhing seems ok.. its just not writen coorect on smart card.

Anny idea ?
0
Comment
Question by:schkratek
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33625541
When you use Web Enrollment, do you accept them then in CA console? Users make requests but admin has to accept the to be issued. Then they come back to Web Enrollment page and downloads it.
0
 

Author Comment

by:schkratek
ID: 33625603
I have no pending requests..
0
 

Author Comment

by:schkratek
ID: 33625613
Request Handling is not explicit
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33625840
Probably that template is old, so first you should duplicate it, creating new template version but...

I think that would be a problem, certificates cannot be requested via Web Enrollment because Windows Server 2008 Web Enrollment doesn't support them (certificates version 3)

http://blogs.technet.com/b/ad/archive/2008/06/30/2008-web-enrollment-and-version-3-templates.aspx
http://technet.microsoft.com/en-us/library/cc732517%28WS.10%29.aspx (look for "Certificate Web enrollment cannot be used with version 3 certificate templates")
0
 

Accepted Solution

by:
schkratek earned 0 total points
ID: 33626052
template is already duplicated... and also solution is at hand..

when doing it over the web.. i always requested the certificate ( as in MMC snapin) but in mmc certificate is automatic written to the smart card, while over web, you have to press install certificate after the first write on smart card is completed.. (so it takes two writest on smartcadr over the web)



0

Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
As tax season makes its return, so does the increase in cyber crime and tax refund phishing that comes with it
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This Micro Tutorial will demonstrate how to add subdomains to your content reports. This can be very importing in having a site with multiple subdomains.

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question