CA not available in IIS 7

Hello,

I have a problem with the Root CA on Windows Server 2008 not being available in IIS7. Actually it is not avialble in IIS6 as well. But lets stick to the IIS7 example. When try to create a Domain Certificate on a Windows Server 2008 machine then the 'Select' button next to the 'Specify Online Certification Authroity' field within IIS is being greyed out. See screenshot.

A web server template has been created and the CA has been added to the Active Directory domain both servers belong to.

So what am I doing wrong?

Thank you
Mc2102
2-25-2011-2-32-38-PM.jpg
Mc2102Asked:
Who is Participating?
 
Mc2102Connect With a Mentor Author Commented:
I found the solution. This feature actually only works with the default Webserver template. If you enable this template in your CA for usage then the 'Select' button in IIS will be enabled. I created a new template to assign SSL certs and this is why this feature does not work.

For more information on that check the link below:
http://social.technet.microsoft.com/Forums/en-US/winserversecurity/thread/e3e43894-30d5-4064-93d1-96d46ef3de14/
0
 
Mc2102Author Commented:
What I should also mention is that I can sign certificates through the Web interface without any problem and the certificates are valid in the domain. So I would assume that the CA works just fine.
0
 
bgoeringCommented:
According to http://technet.microsoft.com/en-us/library/cc731014(WS.10).aspx

"The Select button will be enabled only if a certification authority is correctly configured and exists on the domain."

It seems to be enabled on both of my domains and each of them has an Enterprise CA

Do you have an enterprise CA or a standalone?

See if AD knows about it, open Active Directory Sites and Services, on the View menu select to show the services node. Expand Public Key Services and make sure your CA appears under AIA, Certificate Authorities, Enrollment Services, and KRA.

Good Luck

0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
Mc2102Author Commented:
bgoering,

Sorry for the late reply...I was wrapped up with other stuff. So the certificationAuthority entry is exisiting but the Enrollment Service and KRA are missing.

Could that be the problem?

Thank you
Mc2102
0
 
Mc2102Author Commented:
Actually never mind.... the CA is being listed under the AIA, Enrollment Services and KRA folder. I assume this is what you where asking right?
0
 
Mc2102Author Commented:
I accept my own comment as the solution because the steps descibed in there solved my issue.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.