Solved

CA not available in IIS 7

Posted on 2011-02-25
6
2,462 Views
Last Modified: 2012-05-11
Hello,

I have a problem with the Root CA on Windows Server 2008 not being available in IIS7. Actually it is not avialble in IIS6 as well. But lets stick to the IIS7 example. When try to create a Domain Certificate on a Windows Server 2008 machine then the 'Select' button next to the 'Specify Online Certification Authroity' field within IIS is being greyed out. See screenshot.

A web server template has been created and the CA has been added to the Active Directory domain both servers belong to.

So what am I doing wrong?

Thank you
Mc2102
2-25-2011-2-32-38-PM.jpg
0
Comment
Question by:Mc2102
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
6 Comments
 

Author Comment

by:Mc2102
ID: 34983395
What I should also mention is that I can sign certificates through the Web interface without any problem and the certificates are valid in the domain. So I would assume that the CA works just fine.
0
 
LVL 28

Expert Comment

by:bgoering
ID: 34987928
According to http://technet.microsoft.com/en-us/library/cc731014(WS.10).aspx

"The Select button will be enabled only if a certification authority is correctly configured and exists on the domain."

It seems to be enabled on both of my domains and each of them has an Enterprise CA

Do you have an enterprise CA or a standalone?

See if AD knows about it, open Active Directory Sites and Services, on the View menu select to show the services node. Expand Public Key Services and make sure your CA appears under AIA, Certificate Authorities, Enrollment Services, and KRA.

Good Luck

0
 

Author Comment

by:Mc2102
ID: 35012042
bgoering,

Sorry for the late reply...I was wrapped up with other stuff. So the certificationAuthority entry is exisiting but the Enrollment Service and KRA are missing.

Could that be the problem?

Thank you
Mc2102
0
Database Solutions Engineer FAQs

In this series, we will discuss common questions received as a database Solutions Engineer at Percona. In this role, we speak with a wide array of MySQL and MongoDB users responsible for both extremely large and complex environments to smaller single-server environments.

 

Author Comment

by:Mc2102
ID: 35012064
Actually never mind.... the CA is being listed under the AIA, Enrollment Services and KRA folder. I assume this is what you where asking right?
0
 

Accepted Solution

by:
Mc2102 earned 0 total points
ID: 35012409
I found the solution. This feature actually only works with the default Webserver template. If you enable this template in your CA for usage then the 'Select' button in IIS will be enabled. I created a new template to assign SSL certs and this is why this feature does not work.

For more information on that check the link below:
http://social.technet.microsoft.com/Forums/en-US/winserversecurity/thread/e3e43894-30d5-4064-93d1-96d46ef3de14/
0
 

Author Closing Comment

by:Mc2102
ID: 35045673
I accept my own comment as the solution because the steps descibed in there solved my issue.
0

Featured Post

Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

OfficeMate Freezes on login or does not load after login credentials are input.
Preparing an email is something we should all take special care with – especially when the email is for somebody you may not know very well. The pressures of everyday working life stacked with a hectic office environment can make this a real challen…
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
Suggested Courses

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question