Certificate Templates - Duplicating template - Issue does ..

Archived from groups: microsoft.public.win2000.security (More info?)

Windows 2003 Enterprise CA

I need to customize the Web Server certficate so it can be used for Cisoc
ACS V3.3

When I duplicate the web server cert, I enable export key, and add CSP for
MS Base Crypto Provider v1.0. This process seems OK>

When I open CA to issue this certificate, IT DOES NOT APPEAR, so I can not
issue it.

AD has replicated and it still does not show up.

Please help
5 answers Last reply
More about certificate templates duplicating template issue
  1. Archived from groups: microsoft.public.win2000.security (More info?)

    Hi,

    Is your CA server running on Windows 2003 Enterprise Edition (not Enterprise
    setup of CA) but Enterprise Edition of Windows 2003. If you run your CA
    server on Windows 2003 Standard Edition you won't be able to use v.2
    certificate templates.

    Mike

    "klose" <norepl@noreply.com> wrote in message
    news:eze8jx9nEHA.596@TK2MSFTNGP11.phx.gbl...
    > Windows 2003 Enterprise CA
    >
    > I need to customize the Web Server certficate so it can be used for Cisoc
    > ACS V3.3
    >
    > When I duplicate the web server cert, I enable export key, and add CSP for
    > MS Base Crypto Provider v1.0. This process seems OK>
    >
    > When I open CA to issue this certificate, IT DOES NOT APPEAR, so I can not
    > issue it.
    >
    > AD has replicated and it still does not show up.
    >
    > Please help
    >
    >
    >
  2. Archived from groups: microsoft.public.win2000.security (More info?)

    Its a Windows 2003 Std Svr, Enterprise CA was installed.

    I read somewhere that Ent Svr was not required, .............
    Is there another option, workaround?

    Can I use a V1 template, duplicate and customize it?


    "Miha Pihler" <mihap-news@atlantis.si> wrote in message
    news:efNFaJ%23nEHA.3324@TK2MSFTNGP15.phx.gbl...
    > Hi,
    >
    > Is your CA server running on Windows 2003 Enterprise Edition (not
    > Enterprise
    > setup of CA) but Enterprise Edition of Windows 2003. If you run your CA
    > server on Windows 2003 Standard Edition you won't be able to use v.2
    > certificate templates.
    >
    > Mike
    >
    > "klose" <norepl@noreply.com> wrote in message
    > news:eze8jx9nEHA.596@TK2MSFTNGP11.phx.gbl...
    >> Windows 2003 Enterprise CA
    >>
    >> I need to customize the Web Server certficate so it can be used for Cisoc
    >> ACS V3.3
    >>
    >> When I duplicate the web server cert, I enable export key, and add CSP
    >> for
    >> MS Base Crypto Provider v1.0. This process seems OK>
    >>
    >> When I open CA to issue this certificate, IT DOES NOT APPEAR, so I can
    >> not
    >> issue it.
    >>
    >> AD has replicated and it still does not show up.
    >>
    >> Please help
    >>
    >>
    >>
    >
    >
  3. Archived from groups: microsoft.public.win2000.security (More info?)

    I don't know where you read that, but to issue certificates based on v.2
    templates you will have to run your CA server on Enterprise Edition. What
    you should be able to do is upgrade your Windows 2003 Standard Edition to
    Enterprise Edition if you need to modify your certificate templates.

    Implementing and Administering Certificate Templates in Windows Server 2003
    http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws03crtm.mspx

    Best Practices for Implementing a Microsoft Windows Server2003 Public Key
    Infrastructure
    http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws3pkibp.mspx

    PKI Enhancements in Windows XP Professional and Windows Server 2003
    http://www.microsoft.com/technet/prodtechnol/winxppro/plan/pkienh.mspx

    Windows Server 2003 PKI Operations Guide
    http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws03pkog.mspx

    Managing a Windows Server 2003 Public Key Infrastructure
    http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/mngpki.mspx

    Advanced Certificate Enrollment and Management
    http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/advcert.mspx

    Mike

    "klose" <norepl@noreply.com> wrote in message
    news:eepE2M%23nEHA.2808@TK2MSFTNGP10.phx.gbl...
    > Its a Windows 2003 Std Svr, Enterprise CA was installed.
    >
    > I read somewhere that Ent Svr was not required, .............
    > Is there another option, workaround?
    >
    > Can I use a V1 template, duplicate and customize it?
    >
    >
    > "Miha Pihler" <mihap-news@atlantis.si> wrote in message
    > news:efNFaJ%23nEHA.3324@TK2MSFTNGP15.phx.gbl...
    > > Hi,
    > >
    > > Is your CA server running on Windows 2003 Enterprise Edition (not
    > > Enterprise
    > > setup of CA) but Enterprise Edition of Windows 2003. If you run your CA
    > > server on Windows 2003 Standard Edition you won't be able to use v.2
    > > certificate templates.
    > >
    > > Mike
    > >
    > > "klose" <norepl@noreply.com> wrote in message
    > > news:eze8jx9nEHA.596@TK2MSFTNGP11.phx.gbl...
    > >> Windows 2003 Enterprise CA
    > >>
    > >> I need to customize the Web Server certficate so it can be used for
    Cisoc
    > >> ACS V3.3
    > >>
    > >> When I duplicate the web server cert, I enable export key, and add CSP
    > >> for
    > >> MS Base Crypto Provider v1.0. This process seems OK>
    > >>
    > >> When I open CA to issue this certificate, IT DOES NOT APPEAR, so I can
    > >> not
    > >> issue it.
    > >>
    > >> AD has replicated and it still does not show up.
    > >>
    > >> Please help
    > >>
    > >>
    > >>
    > >
    > >
    >
    >
  4. Archived from groups: microsoft.public.win2000.security (More info?)

    Thank you for your help and the links........

    Yes, I see your correct....now I see an article that confirms it.

    Rather than upgrade the OS for this service, can I create and import a V1
    certficate somehow?

    I only need to make one variation of the web server cert.

    This all started becasue 2003 CA version grays out the Export Key option in
    the Web Server template and changed the CSP default. This was not grayed
    out in W2K.


    "Miha Pihler" <mihap-news@atlantis.si> wrote in message
    news:elFvSU%23nEHA.1052@TK2MSFTNGP10.phx.gbl...
    >I don't know where you read that, but to issue certificates based on v.2
    > templates you will have to run your CA server on Enterprise Edition. What
    > you should be able to do is upgrade your Windows 2003 Standard Edition to
    > Enterprise Edition if you need to modify your certificate templates.
    >
    > Implementing and Administering Certificate Templates in Windows Server
    > 2003
    > http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws03crtm.mspx
    >
    > Best Practices for Implementing a Microsoft Windows Server2003 Public Key
    > Infrastructure
    > http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws3pkibp.mspx
    >
    > PKI Enhancements in Windows XP Professional and Windows Server 2003
    > http://www.microsoft.com/technet/prodtechnol/winxppro/plan/pkienh.mspx
    >
    > Windows Server 2003 PKI Operations Guide
    > http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws03pkog.mspx
    >
    > Managing a Windows Server 2003 Public Key Infrastructure
    > http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/mngpki.mspx
    >
    > Advanced Certificate Enrollment and Management
    > http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/advcert.mspx
    >
    > Mike
    >
    > "klose" <norepl@noreply.com> wrote in message
    > news:eepE2M%23nEHA.2808@TK2MSFTNGP10.phx.gbl...
    >> Its a Windows 2003 Std Svr, Enterprise CA was installed.
    >>
    >> I read somewhere that Ent Svr was not required, .............
    >> Is there another option, workaround?
    >>
    >> Can I use a V1 template, duplicate and customize it?
    >>
    >>
    >> "Miha Pihler" <mihap-news@atlantis.si> wrote in message
    >> news:efNFaJ%23nEHA.3324@TK2MSFTNGP15.phx.gbl...
    >> > Hi,
    >> >
    >> > Is your CA server running on Windows 2003 Enterprise Edition (not
    >> > Enterprise
    >> > setup of CA) but Enterprise Edition of Windows 2003. If you run your CA
    >> > server on Windows 2003 Standard Edition you won't be able to use v.2
    >> > certificate templates.
    >> >
    >> > Mike
    >> >
    >> > "klose" <norepl@noreply.com> wrote in message
    >> > news:eze8jx9nEHA.596@TK2MSFTNGP11.phx.gbl...
    >> >> Windows 2003 Enterprise CA
    >> >>
    >> >> I need to customize the Web Server certficate so it can be used for
    > Cisoc
    >> >> ACS V3.3
    >> >>
    >> >> When I duplicate the web server cert, I enable export key, and add CSP
    >> >> for
    >> >> MS Base Crypto Provider v1.0. This process seems OK>
    >> >>
    >> >> When I open CA to issue this certificate, IT DOES NOT APPEAR, so I can
    >> >> not
    >> >> issue it.
    >> >>
    >> >> AD has replicated and it still does not show up.
    >> >>
    >> >> Please help
    >> >>
    >> >>
    >> >>
    >> >
    >> >
    >>
    >>
    >
    >
  5. Archived from groups: microsoft.public.win2000.security (More info?)

    In article <eBRbpf#nEHA.2340@TK2MSFTNGP11.phx.gbl>,
    norepl@noreply.com says...
    >
    > Thank you for your help and the links........
    >
    > Yes, I see your correct....now I see an article that confirms it.
    >
    > Rather than upgrade the OS for this service, can I create and import a V1
    > certficate somehow?
    >
    > I only need to make one variation of the web server cert.
    >
    > This all started becasue 2003 CA version grays out the Export Key option in
    > the Web Server template and changed the CSP default. This was not grayed
    > out in W2K.
    >
    >
    >
    > "Miha Pihler" <mihap-news@atlantis.si> wrote in message
    > news:elFvSU%23nEHA.1052@TK2MSFTNGP10.phx.gbl...
    > >I don't know where you read that, but to issue certificates based on v.2
    > > templates you will have to run your CA server on Enterprise Edition. What
    > > you should be able to do is upgrade your Windows 2003 Standard Edition to
    > > Enterprise Edition if you need to modify your certificate templates.
    > >
    > > Implementing and Administering Certificate Templates in Windows Server
    > > 2003
    > > http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws03crtm.mspx
    > >
    > > Best Practices for Implementing a Microsoft Windows Server2003 Public Key
    > > Infrastructure
    > > http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws3pkibp.mspx
    > >
    > > PKI Enhancements in Windows XP Professional and Windows Server 2003
    > > http://www.microsoft.com/technet/prodtechnol/winxppro/plan/pkienh.mspx
    > >
    > > Windows Server 2003 PKI Operations Guide
    > > http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws03pkog.mspx
    > >
    > > Managing a Windows Server 2003 Public Key Infrastructure
    > > http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/mngpki.mspx
    > >
    > > Advanced Certificate Enrollment and Management
    > > http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/advcert.mspx
    > >
    > > Mike
    > >
    > > "klose" <norepl@noreply.com> wrote in message
    > > news:eepE2M%23nEHA.2808@TK2MSFTNGP10.phx.gbl...
    > >> Its a Windows 2003 Std Svr, Enterprise CA was installed.
    > >>
    > >> I read somewhere that Ent Svr was not required, .............
    No, the modification of a template requires a version 2
    certificate template. And, as stated, only Enterprise
    Edition CAs, configured as enterprise CAs, can issue
    version 2 templates.

    Brian
Ask a new question

Read More

Windows Server 2003 Web Server Certificate Windows