Solved

CA not available in IIS 7

Posted on 2011-02-25
6
2,263 Views
Last Modified: 2012-05-11
Hello,

I have a problem with the Root CA on Windows Server 2008 not being available in IIS7. Actually it is not avialble in IIS6 as well. But lets stick to the IIS7 example. When try to create a Domain Certificate on a Windows Server 2008 machine then the 'Select' button next to the 'Specify Online Certification Authroity' field within IIS is being greyed out. See screenshot.

A web server template has been created and the CA has been added to the Active Directory domain both servers belong to.

So what am I doing wrong?

Thank you
Mc2102
2-25-2011-2-32-38-PM.jpg
0
Comment
Question by:Mc2102
  • 5
6 Comments
 

Author Comment

by:Mc2102
ID: 34983395
What I should also mention is that I can sign certificates through the Web interface without any problem and the certificates are valid in the domain. So I would assume that the CA works just fine.
0
 
LVL 28

Expert Comment

by:bgoering
ID: 34987928
According to http://technet.microsoft.com/en-us/library/cc731014(WS.10).aspx

"The Select button will be enabled only if a certification authority is correctly configured and exists on the domain."

It seems to be enabled on both of my domains and each of them has an Enterprise CA

Do you have an enterprise CA or a standalone?

See if AD knows about it, open Active Directory Sites and Services, on the View menu select to show the services node. Expand Public Key Services and make sure your CA appears under AIA, Certificate Authorities, Enrollment Services, and KRA.

Good Luck

0
 

Author Comment

by:Mc2102
ID: 35012042
bgoering,

Sorry for the late reply...I was wrapped up with other stuff. So the certificationAuthority entry is exisiting but the Enrollment Service and KRA are missing.

Could that be the problem?

Thank you
Mc2102
0
Why are Office 365 signatures so complicated?

Trying to setup transport rules for Office 365 email signatures and can’t quite figure it out? Having to test the signature over and over? Make things simple by using Exclaimer Cloud - Signatures for Office 365.

 

Author Comment

by:Mc2102
ID: 35012064
Actually never mind.... the CA is being listed under the AIA, Enrollment Services and KRA folder. I assume this is what you where asking right?
0
 

Accepted Solution

by:
Mc2102 earned 0 total points
ID: 35012409
I found the solution. This feature actually only works with the default Webserver template. If you enable this template in your CA for usage then the 'Select' button in IIS will be enabled. I created a new template to assign SSL certs and this is why this feature does not work.

For more information on that check the link below:
http://social.technet.microsoft.com/Forums/en-US/winserversecurity/thread/e3e43894-30d5-4064-93d1-96d46ef3de14/
0
 

Author Closing Comment

by:Mc2102
ID: 35045673
I accept my own comment as the solution because the steps descibed in there solved my issue.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Redirected folders in a windows domain can be quite useful for a number of reasons, one of them being that with redirected application data, you can give users more seamless experience when logging into different workstations.  For example, if a use…
A procedure for exporting installed hotfix details of remote computers using powershell
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now