Certificate Templates - Duplicating template - Issue does not work

  • Thread starter Thread starter klose
  • Start date Start date
K

klose

Windows 2003 Enterprise CA

I need to customize the Web Server certficate so it can be used for Cisoc
ACS V3.3

When I duplicate the web server cert, I enable export key, and add CSP for
MS Base Crypto Provider v1.0. This process seems OK>

When I open CA to issue this certificate, IT DOES NOT APPEAR, so I can not
issue it.

AD has replicated and it still does not show up.

Please help
 
Hi,

Is your CA server running on Windows 2003 Enterprise Edition (not Enterprise
setup of CA) but Enterprise Edition of Windows 2003. If you run your CA
server on Windows 2003 Standard Edition you won't be able to use v.2
certificate templates.

Mike
 
Its a Windows 2003 Std Svr, Enterprise CA was installed.

I read somewhere that Ent Svr was not required, .............
Is there another option, workaround?

Can I use a V1 template, duplicate and customize it?
 
I don't know where you read that, but to issue certificates based on v.2
templates you will have to run your CA server on Enterprise Edition. What
you should be able to do is upgrade your Windows 2003 Standard Edition to
Enterprise Edition if you need to modify your certificate templates.

Implementing and Administering Certificate Templates in Windows Server 2003
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws03crtm.mspx

Best Practices for Implementing a Microsoft Windows Server2003 Public Key
Infrastructure
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws3pkibp.mspx

PKI Enhancements in Windows XP Professional and Windows Server 2003
http://www.microsoft.com/technet/prodtechnol/winxppro/plan/pkienh.mspx

Windows Server 2003 PKI Operations Guide
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws03pkog.mspx

Managing a Windows Server 2003 Public Key Infrastructure
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/mngpki.mspx

Advanced Certificate Enrollment and Management
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/advcert.mspx

Mike
 
Thank you for your help and the links........

Yes, I see your correct....now I see an article that confirms it.

Rather than upgrade the OS for this service, can I create and import a V1
certficate somehow?

I only need to make one variation of the web server cert.

This all started becasue 2003 CA version grays out the Export Key option in
the Web Server template and changed the CSP default. This was not grayed
out in W2K.
 
Thank you for your help and the links........

Yes, I see your correct....now I see an article that confirms it.

Rather than upgrade the OS for this service, can I create and import a V1
certficate somehow?

I only need to make one variation of the web server cert.

This all started becasue 2003 CA version grays out the Export Key option in
the Web Server template and changed the CSP default. This was not grayed
out in W2K.
Click to expand...
No, the modification of a template requires a version 2
certificate template. And, as stated, only Enterprise
Edition CAs, configured as enterprise CAs, can issue
version 2 templates.

Brian
 
Back
Top