Server 2008 Certificate Server

SHagel used Ask the Experts™

Hello All,

New to this so please bare with me

i have installed server 2008 32 bit as a VM in our calgary office
i have setup a certification authority

it seems to be working on most computers in the Calgary office

I have a user with windows vista in our halifax office who cant get a certificate

he recives the message
in order to complete certificate enrollment  the website for the CA must be configured to use HTTPS authentication

and it also brings him to the advanced certicate request

i have enabled the active x in IE and also added the site to trusted sites

any help please
i have never worked with certificate servers and limited server 2008
attached is a screen shot
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®


those hotfixs are for server 2003 not 2008 unless i am miss reading
Yes, you are right about that.
But have you tried (its from link):
1. In the Internet Explorer, tools--->Internet Options--->Security tab--->Trusted Sites.
Click Sites, clear the option "Require server verification (https for all sites in this zone" and add the current CA web enrollment site into the list.

2. In the IIS Manager (Sites--->Default Web Site--->CertSrv), double click SSL Settings and check to clear the option "Require SSL". Then apply the change and check how it works. (on certsrv)

3. Since you have turned off SSL, make sure that your IE settings enable "Initialize ActiveX unsafe for scripting" You can find this under Tools->Internet Options->Security. Select the zone [trusted, internet, intranet, etc...] and then select the "Custom Level..." button. You should find this option in the list.

Hope it helps.

Or set (temporarily) security settings for zone of certsrv to low
OWASP: Threats Fundamentals

Learn the top ten threats that are present in modern web-application development and how to protect your business from them.


or that almost worked

didnt get that error
if you could help me with this next question about it would be great or i can create a new question to

now a little more information
my users log into multiple domains depending what they are doing for there job
my certificate server is on the main domain but this user is logged into the other domain

and now recives there message

No certificate templates could be found, you don't have permission to request a certificate from this CA, Or an error occured while accessing the active directory

Any ideas on how to resolve this


think i got it i can export and import it
Have you solved your problem?


the first error about https yes but not the second
No certificate templates could be found, you don't have permission to request a certificate from this CA, Or an error occured while accessing the active directory

but i think i can just export and import the cert file
I'm not sure that I understand you completely (logins to multiple domain). It is the same forest? Do you have some trusts between different domains? Creating them maybe would help.
How do you create request - if request and certificate is tied to user, then creating certificate with one user and then importing it with other user may not work.
Have you tried it yet? If it does not work it is maybe good to open new question as more experts could help you.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial