Solved

CA not available in IIS 7

Posted on 2011-02-25
6
2,345 Views
Last Modified: 2012-05-11
Hello,

I have a problem with the Root CA on Windows Server 2008 not being available in IIS7. Actually it is not avialble in IIS6 as well. But lets stick to the IIS7 example. When try to create a Domain Certificate on a Windows Server 2008 machine then the 'Select' button next to the 'Specify Online Certification Authroity' field within IIS is being greyed out. See screenshot.

A web server template has been created and the CA has been added to the Active Directory domain both servers belong to.

So what am I doing wrong?

Thank you
Mc2102
2-25-2011-2-32-38-PM.jpg
0
Comment
Question by:Mc2102
  • 5
6 Comments
 

Author Comment

by:Mc2102
ID: 34983395
What I should also mention is that I can sign certificates through the Web interface without any problem and the certificates are valid in the domain. So I would assume that the CA works just fine.
0
 
LVL 28

Expert Comment

by:bgoering
ID: 34987928
According to http://technet.microsoft.com/en-us/library/cc731014(WS.10).aspx

"The Select button will be enabled only if a certification authority is correctly configured and exists on the domain."

It seems to be enabled on both of my domains and each of them has an Enterprise CA

Do you have an enterprise CA or a standalone?

See if AD knows about it, open Active Directory Sites and Services, on the View menu select to show the services node. Expand Public Key Services and make sure your CA appears under AIA, Certificate Authorities, Enrollment Services, and KRA.

Good Luck

0
 

Author Comment

by:Mc2102
ID: 35012042
bgoering,

Sorry for the late reply...I was wrapped up with other stuff. So the certificationAuthority entry is exisiting but the Enrollment Service and KRA are missing.

Could that be the problem?

Thank you
Mc2102
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 

Author Comment

by:Mc2102
ID: 35012064
Actually never mind.... the CA is being listed under the AIA, Enrollment Services and KRA folder. I assume this is what you where asking right?
0
 

Accepted Solution

by:
Mc2102 earned 0 total points
ID: 35012409
I found the solution. This feature actually only works with the default Webserver template. If you enable this template in your CA for usage then the 'Select' button in IIS will be enabled. I created a new template to assign SSL certs and this is why this feature does not work.

For more information on that check the link below:
http://social.technet.microsoft.com/Forums/en-US/winserversecurity/thread/e3e43894-30d5-4064-93d1-96d46ef3de14/
0
 

Author Closing Comment

by:Mc2102
ID: 35045673
I accept my own comment as the solution because the steps descibed in there solved my issue.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A procedure for exporting installed hotfix details of remote computers using powershell
As tax season makes its return, so does the increase in cyber crime and tax refund phishing that comes with it
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question