Sign in with
Sign up | Sign in
Your question

Certificate Templates - Duplicating template - Issue does ..

Last response: in Windows 2000/NT
Share
Anonymous
September 21, 2004 1:10:43 PM

Archived from groups: microsoft.public.win2000.security (More info?)

Windows 2003 Enterprise CA

I need to customize the Web Server certficate so it can be used for Cisoc
ACS V3.3

When I duplicate the web server cert, I enable export key, and add CSP for
MS Base Crypto Provider v1.0. This process seems OK>

When I open CA to issue this certificate, IT DOES NOT APPEAR, so I can not
issue it.

AD has replicated and it still does not show up.

Please help
Anonymous
September 21, 2004 7:53:13 PM

Archived from groups: microsoft.public.win2000.security (More info?)

Hi,

Is your CA server running on Windows 2003 Enterprise Edition (not Enterprise
setup of CA) but Enterprise Edition of Windows 2003. If you run your CA
server on Windows 2003 Standard Edition you won't be able to use v.2
certificate templates.

Mike

"klose" <norepl@noreply.com> wrote in message
news:eze8jx9nEHA.596@TK2MSFTNGP11.phx.gbl...
> Windows 2003 Enterprise CA
>
> I need to customize the Web Server certficate so it can be used for Cisoc
> ACS V3.3
>
> When I duplicate the web server cert, I enable export key, and add CSP for
> MS Base Crypto Provider v1.0. This process seems OK>
>
> When I open CA to issue this certificate, IT DOES NOT APPEAR, so I can not
> issue it.
>
> AD has replicated and it still does not show up.
>
> Please help
>
>
>
Anonymous
September 21, 2004 7:53:14 PM

Archived from groups: microsoft.public.win2000.security (More info?)

Its a Windows 2003 Std Svr, Enterprise CA was installed.

I read somewhere that Ent Svr was not required, .............
Is there another option, workaround?

Can I use a V1 template, duplicate and customize it?


"Miha Pihler" <mihap-news@atlantis.si> wrote in message
news:efNFaJ%23nEHA.3324@TK2MSFTNGP15.phx.gbl...
> Hi,
>
> Is your CA server running on Windows 2003 Enterprise Edition (not
> Enterprise
> setup of CA) but Enterprise Edition of Windows 2003. If you run your CA
> server on Windows 2003 Standard Edition you won't be able to use v.2
> certificate templates.
>
> Mike
>
> "klose" <norepl@noreply.com> wrote in message
> news:eze8jx9nEHA.596@TK2MSFTNGP11.phx.gbl...
>> Windows 2003 Enterprise CA
>>
>> I need to customize the Web Server certficate so it can be used for Cisoc
>> ACS V3.3
>>
>> When I duplicate the web server cert, I enable export key, and add CSP
>> for
>> MS Base Crypto Provider v1.0. This process seems OK>
>>
>> When I open CA to issue this certificate, IT DOES NOT APPEAR, so I can
>> not
>> issue it.
>>
>> AD has replicated and it still does not show up.
>>
>> Please help
>>
>>
>>
>
>
Related resources
Anonymous
September 21, 2004 8:12:42 PM

Archived from groups: microsoft.public.win2000.security (More info?)

I don't know where you read that, but to issue certificates based on v.2
templates you will have to run your CA server on Enterprise Edition. What
you should be able to do is upgrade your Windows 2003 Standard Edition to
Enterprise Edition if you need to modify your certificate templates.

Implementing and Administering Certificate Templates in Windows Server 2003
http://www.microsoft.com/technet/prodtechnol/windowsser...

Best Practices for Implementing a Microsoft Windows Server2003 Public Key
Infrastructure
http://www.microsoft.com/technet/prodtechnol/windowsser...

PKI Enhancements in Windows XP Professional and Windows Server 2003
http://www.microsoft.com/technet/prodtechnol/winxppro/p...

Windows Server 2003 PKI Operations Guide
http://www.microsoft.com/technet/prodtechnol/windowsser...

Managing a Windows Server 2003 Public Key Infrastructure
http://www.microsoft.com/technet/prodtechnol/windowsser...

Advanced Certificate Enrollment and Management
http://www.microsoft.com/technet/prodtechnol/windowsser...

Mike

"klose" <norepl@noreply.com> wrote in message
news:eepE2M%23nEHA.2808@TK2MSFTNGP10.phx.gbl...
> Its a Windows 2003 Std Svr, Enterprise CA was installed.
>
> I read somewhere that Ent Svr was not required, .............
> Is there another option, workaround?
>
> Can I use a V1 template, duplicate and customize it?
>
>
> "Miha Pihler" <mihap-news@atlantis.si> wrote in message
> news:efNFaJ%23nEHA.3324@TK2MSFTNGP15.phx.gbl...
> > Hi,
> >
> > Is your CA server running on Windows 2003 Enterprise Edition (not
> > Enterprise
> > setup of CA) but Enterprise Edition of Windows 2003. If you run your CA
> > server on Windows 2003 Standard Edition you won't be able to use v.2
> > certificate templates.
> >
> > Mike
> >
> > "klose" <norepl@noreply.com> wrote in message
> > news:eze8jx9nEHA.596@TK2MSFTNGP11.phx.gbl...
> >> Windows 2003 Enterprise CA
> >>
> >> I need to customize the Web Server certficate so it can be used for
Cisoc
> >> ACS V3.3
> >>
> >> When I duplicate the web server cert, I enable export key, and add CSP
> >> for
> >> MS Base Crypto Provider v1.0. This process seems OK>
> >>
> >> When I open CA to issue this certificate, IT DOES NOT APPEAR, so I can
> >> not
> >> issue it.
> >>
> >> AD has replicated and it still does not show up.
> >>
> >> Please help
> >>
> >>
> >>
> >
> >
>
>
Anonymous
September 21, 2004 8:12:43 PM

Archived from groups: microsoft.public.win2000.security (More info?)

Thank you for your help and the links........

Yes, I see your correct....now I see an article that confirms it.

Rather than upgrade the OS for this service, can I create and import a V1
certficate somehow?

I only need to make one variation of the web server cert.

This all started becasue 2003 CA version grays out the Export Key option in
the Web Server template and changed the CSP default. This was not grayed
out in W2K.



"Miha Pihler" <mihap-news@atlantis.si> wrote in message
news:elFvSU%23nEHA.1052@TK2MSFTNGP10.phx.gbl...
>I don't know where you read that, but to issue certificates based on v.2
> templates you will have to run your CA server on Enterprise Edition. What
> you should be able to do is upgrade your Windows 2003 Standard Edition to
> Enterprise Edition if you need to modify your certificate templates.
>
> Implementing and Administering Certificate Templates in Windows Server
> 2003
> http://www.microsoft.com/technet/prodtechnol/windowsser...
>
> Best Practices for Implementing a Microsoft Windows Server2003 Public Key
> Infrastructure
> http://www.microsoft.com/technet/prodtechnol/windowsser...
>
> PKI Enhancements in Windows XP Professional and Windows Server 2003
> http://www.microsoft.com/technet/prodtechnol/winxppro/p...
>
> Windows Server 2003 PKI Operations Guide
> http://www.microsoft.com/technet/prodtechnol/windowsser...
>
> Managing a Windows Server 2003 Public Key Infrastructure
> http://www.microsoft.com/technet/prodtechnol/windowsser...
>
> Advanced Certificate Enrollment and Management
> http://www.microsoft.com/technet/prodtechnol/windowsser...
>
> Mike
>
> "klose" <norepl@noreply.com> wrote in message
> news:eepE2M%23nEHA.2808@TK2MSFTNGP10.phx.gbl...
>> Its a Windows 2003 Std Svr, Enterprise CA was installed.
>>
>> I read somewhere that Ent Svr was not required, .............
>> Is there another option, workaround?
>>
>> Can I use a V1 template, duplicate and customize it?
>>
>>
>> "Miha Pihler" <mihap-news@atlantis.si> wrote in message
>> news:efNFaJ%23nEHA.3324@TK2MSFTNGP15.phx.gbl...
>> > Hi,
>> >
>> > Is your CA server running on Windows 2003 Enterprise Edition (not
>> > Enterprise
>> > setup of CA) but Enterprise Edition of Windows 2003. If you run your CA
>> > server on Windows 2003 Standard Edition you won't be able to use v.2
>> > certificate templates.
>> >
>> > Mike
>> >
>> > "klose" <norepl@noreply.com> wrote in message
>> > news:eze8jx9nEHA.596@TK2MSFTNGP11.phx.gbl...
>> >> Windows 2003 Enterprise CA
>> >>
>> >> I need to customize the Web Server certficate so it can be used for
> Cisoc
>> >> ACS V3.3
>> >>
>> >> When I duplicate the web server cert, I enable export key, and add CSP
>> >> for
>> >> MS Base Crypto Provider v1.0. This process seems OK>
>> >>
>> >> When I open CA to issue this certificate, IT DOES NOT APPEAR, so I can
>> >> not
>> >> issue it.
>> >>
>> >> AD has replicated and it still does not show up.
>> >>
>> >> Please help
>> >>
>> >>
>> >>
>> >
>> >
>>
>>
>
>
Anonymous
September 21, 2004 8:12:44 PM

Archived from groups: microsoft.public.win2000.security (More info?)

In article <eBRbpf#nEHA.2340@TK2MSFTNGP11.phx.gbl>,
norepl@noreply.com says...
>
> Thank you for your help and the links........
>
> Yes, I see your correct....now I see an article that confirms it.
>
> Rather than upgrade the OS for this service, can I create and import a V1
> certficate somehow?
>
> I only need to make one variation of the web server cert.
>
> This all started becasue 2003 CA version grays out the Export Key option in
> the Web Server template and changed the CSP default. This was not grayed
> out in W2K.
>
>
>
> "Miha Pihler" <mihap-news@atlantis.si> wrote in message
> news:elFvSU%23nEHA.1052@TK2MSFTNGP10.phx.gbl...
> >I don't know where you read that, but to issue certificates based on v.2
> > templates you will have to run your CA server on Enterprise Edition. What
> > you should be able to do is upgrade your Windows 2003 Standard Edition to
> > Enterprise Edition if you need to modify your certificate templates.
> >
> > Implementing and Administering Certificate Templates in Windows Server
> > 2003
> > http://www.microsoft.com/technet/prodtechnol/windowsser...
> >
> > Best Practices for Implementing a Microsoft Windows Server2003 Public Key
> > Infrastructure
> > http://www.microsoft.com/technet/prodtechnol/windowsser...
> >
> > PKI Enhancements in Windows XP Professional and Windows Server 2003
> > http://www.microsoft.com/technet/prodtechnol/winxppro/p...
> >
> > Windows Server 2003 PKI Operations Guide
> > http://www.microsoft.com/technet/prodtechnol/windowsser...
> >
> > Managing a Windows Server 2003 Public Key Infrastructure
> > http://www.microsoft.com/technet/prodtechnol/windowsser...
> >
> > Advanced Certificate Enrollment and Management
> > http://www.microsoft.com/technet/prodtechnol/windowsser...
> >
> > Mike
> >
> > "klose" <norepl@noreply.com> wrote in message
> > news:eepE2M%23nEHA.2808@TK2MSFTNGP10.phx.gbl...
> >> Its a Windows 2003 Std Svr, Enterprise CA was installed.
> >>
> >> I read somewhere that Ent Svr was not required, .............
No, the modification of a template requires a version 2
certificate template. And, as stated, only Enterprise
Edition CAs, configured as enterprise CAs, can issue
version 2 templates.

Brian
!