Solved

CA not available in IIS 7

Posted on 2011-02-25
6
2,403 Views
Last Modified: 2012-05-11
Hello,

I have a problem with the Root CA on Windows Server 2008 not being available in IIS7. Actually it is not avialble in IIS6 as well. But lets stick to the IIS7 example. When try to create a Domain Certificate on a Windows Server 2008 machine then the 'Select' button next to the 'Specify Online Certification Authroity' field within IIS is being greyed out. See screenshot.

A web server template has been created and the CA has been added to the Active Directory domain both servers belong to.

So what am I doing wrong?

Thank you
Mc2102
2-25-2011-2-32-38-PM.jpg
0
Comment
Question by:Mc2102
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
6 Comments
 

Author Comment

by:Mc2102
ID: 34983395
What I should also mention is that I can sign certificates through the Web interface without any problem and the certificates are valid in the domain. So I would assume that the CA works just fine.
0
 
LVL 28

Expert Comment

by:bgoering
ID: 34987928
According to http://technet.microsoft.com/en-us/library/cc731014(WS.10).aspx

"The Select button will be enabled only if a certification authority is correctly configured and exists on the domain."

It seems to be enabled on both of my domains and each of them has an Enterprise CA

Do you have an enterprise CA or a standalone?

See if AD knows about it, open Active Directory Sites and Services, on the View menu select to show the services node. Expand Public Key Services and make sure your CA appears under AIA, Certificate Authorities, Enrollment Services, and KRA.

Good Luck

0
 

Author Comment

by:Mc2102
ID: 35012042
bgoering,

Sorry for the late reply...I was wrapped up with other stuff. So the certificationAuthority entry is exisiting but the Enrollment Service and KRA are missing.

Could that be the problem?

Thank you
Mc2102
0
How Do You Stack Up Against Your Peers?

With today’s modern enterprise so dependent on digital infrastructures, the impact of major incidents has increased dramatically. Grab the report now to gain insight into how your organization ranks against your peers and learn best-in-class strategies to resolve incidents.

 

Author Comment

by:Mc2102
ID: 35012064
Actually never mind.... the CA is being listed under the AIA, Enrollment Services and KRA folder. I assume this is what you where asking right?
0
 

Accepted Solution

by:
Mc2102 earned 0 total points
ID: 35012409
I found the solution. This feature actually only works with the default Webserver template. If you enable this template in your CA for usage then the 'Select' button in IIS will be enabled. I created a new template to assign SSL certs and this is why this feature does not work.

For more information on that check the link below:
http://social.technet.microsoft.com/Forums/en-US/winserversecurity/thread/e3e43894-30d5-4064-93d1-96d46ef3de14/
0
 

Author Closing Comment

by:Mc2102
ID: 35045673
I accept my own comment as the solution because the steps descibed in there solved my issue.
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Sync home folder not working- urgent 13 58
BgInfo help 5 110
exchange, windows server 2008 4 58
DNS Record Manupluation 11 45
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
A phishing scam that claims a recipient’s credit card details have been “suspended” is the latest trend in spoof emails.
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question