Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1207
  • Last Modified:

Certificate authority web enrollement problem

Hello..

I am using windows 2008 server and I am trying to use web certificate enrollment option, but it dose not work.

I am trying to generate  certificates for smart card log-in for some users, while using web enrollment. I am using Safe Sign as CSP.

If i do enrollment on behalf of some user while using MMC snapin for certificates the thing is working well, users can log in with no problem using there cards and pin number. Smart card contains everything (identity ,cert .. ) that it should
.. but if i do enrollment in IE (web enrollment), all i get writen on smart card is "unknown" (identity, cert, key ..)

Strange thing is, when you look at issued certificates under AD users and computers , the certificate is there.. everitjhing seems ok.. its just not writen coorect on smart card.

Anny idea ?
0
schkratek
Asked:
schkratek
  • 3
  • 2
1 Solution
 
Krzysztof PytkoActive Directory EngineerCommented:
When you use Web Enrollment, do you accept them then in CA console? Users make requests but admin has to accept the to be issued. Then they come back to Web Enrollment page and downloads it.
0
 
schkratekAuthor Commented:
I have no pending requests..
0
 
schkratekAuthor Commented:
Request Handling is not explicit
0
 
Krzysztof PytkoActive Directory EngineerCommented:
Probably that template is old, so first you should duplicate it, creating new template version but...

I think that would be a problem, certificates cannot be requested via Web Enrollment because Windows Server 2008 Web Enrollment doesn't support them (certificates version 3)

http://blogs.technet.com/b/ad/archive/2008/06/30/2008-web-enrollment-and-version-3-templates.aspx
http://technet.microsoft.com/en-us/library/cc732517%28WS.10%29.aspx (look for "Certificate Web enrollment cannot be used with version 3 certificate templates")
0
 
schkratekAuthor Commented:
template is already duplicated... and also solution is at hand..

when doing it over the web.. i always requested the certificate ( as in MMC snapin) but in mmc certificate is automatic written to the smart card, while over web, you have to press install certificate after the first write on smart card is completed.. (so it takes two writest on smartcadr over the web)



0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now