why does Microsoft CA server does not install certificates in trustet root?

  • Thread starter Thread starter izael
  • Start date Start date
I

izael

Hi everyone, just a silly question,

Does anybody know why does the Microsoft Certification Authoritie does
NOT by default install the root-certification-path in the
trusted-root-certificates folder of the local-computer-store?...

When I install a certificates for L2TP VPN using the web enrrolment
service of a Microsoft CA, I have to manually move the certificate
from the USER trusted-root-certificates folder to the LOCAL-COMPUTER
trusted-root-certificates folder,

I have read many posts of people doing the same in order to make L2TP
VPN connections work, I only want to know if this behavior is normal,
or is there anythig I could do in order to fix this issue?... thaks in
advance
 
It does not install the root CA certificate through web enrollment as there
is no COM interface method for installing a root CA that is safe ofr
scripting. it there was a safe for scripting method, anyone could install a
root CA silently without the user's knowledge and that would be a security
issue.
 
Web Enrollment won't allow you to install certificate in the Local Machine
Root store because of security reasons.

Thanks,
Vishal[MSFT]
 
thaks David and Vishal for your, but ....

I installed our fist microsoft L2TP VPN in 2001, and in that time the
CA does automatically added itself to the trusted root store, I
reinstalled the server in 2003, and it doesn´t do it anymore... and
my boss is asking me why?......

Do you know if this feature was added in a service pack? because I
really can´t figure out what happed, I follow exactly the same
procedure that I used in 2001... I´m proposing to use microsoft CA
for wireless authentication, but I need to clarify this issue before
or my boss will not autorice it, coul you please help me????

Thaks in advance for your time, I would really apreciate a tip


David Cross said:
It does not install the root CA certificate through web enrollment as there
is no COM interface method for installing a root CA that is safe ofr
scripting. it there was a safe for scripting method, anyone could install a
root CA silently without the user's knowledge and that would be a security
issue.

--


David B. Cross [MS]

--
This posting is provided "AS IS" with no warranties, and confers no rights.

http://support.microsoft.com

izael said:
Hi everyone, just a silly question,

Does anybody know why does the Microsoft Certification Authoritie does
NOT by default install the root-certification-path in the
trusted-root-certificates folder of the local-computer-store?...

When I install a certificates for L2TP VPN using the web enrrolment
service of a Microsoft CA, I have to manually move the certificate
from the USER trusted-root-certificates folder to the LOCAL-COMPUTER
trusted-root-certificates folder,

I have read many posts of people doing the same in order to make L2TP
VPN connections work, I only want to know if this behavior is normal,
or is there anythig I could do in order to fix this issue?... thaks in
advance
Click to expand...
Click to expand...
 
yes a change was made in a service pack

--


David B. Cross [MS]

--
This posting is provided "AS IS" with no warranties, and confers no rights.

http://support.microsoft.com

izael said:
thaks David and Vishal for your, but ....

I installed our fist microsoft L2TP VPN in 2001, and in that time the
CA does automatically added itself to the trusted root store, I
reinstalled the server in 2003, and it doesn´t do it anymore... and
my boss is asking me why?......

Do you know if this feature was added in a service pack? because I
really can´t figure out what happed, I follow exactly the same
procedure that I used in 2001... I´m proposing to use microsoft CA
for wireless authentication, but I need to clarify this issue before
or my boss will not autorice it, coul you please help me????

Thaks in advance for your time, I would really apreciate a tip


"David Cross [MS]" <[email protected]> wrote in message
It does not install the root CA certificate through web enrollment as there
is no COM interface method for installing a root CA that is safe ofr
scripting. it there was a safe for scripting method, anyone could install a
root CA silently without the user's knowledge and that would be a security
issue.

--


David B. Cross [MS]

--
This posting is provided "AS IS" with no warranties, and confers no rights.

http://support.microsoft.com

izael said:
Hi everyone, just a silly question,

Does anybody know why does the Microsoft Certification Authoritie does
NOT by default install the root-certification-path in the
trusted-root-certificates folder of the local-computer-store?...

When I install a certificates for L2TP VPN using the web enrrolment
service of a Microsoft CA, I have to manually move the certificate
from the USER trusted-root-certificates folder to the LOCAL-COMPUTER
trusted-root-certificates folder,

I have read many posts of people doing the same in order to make L2TP
VPN connections work, I only want to know if this behavior is normal,
or is there anythig I could do in order to fix this issue?... thaks in
advance
Click to expand...
Click to expand...
Click to expand...
 
thaks David and Vishal for your, but ....

I installed our fist microsoft L2TP VPN in 2001, and in that time the
CA does automatically added itself to the trusted root store, I
reinstalled the server in 2003, and it doesn´t do it anymore... and
my boss is asking me why?......

Do you know if this feature was added in a service pack? because I
really can´t figure out what happed, I follow exactly the same
procedure that I used in 2001... I´m proposing to use microsoft CA
for wireless authentication, but I need to clarify this issue before
or my boss will not autorice it, coul you please help me????

Thaks in advance for your time, I would really apreciate a tip


Vishal Agarwal said:
Web Enrollment won't allow you to install certificate in the Local Machine
Root store because of security reasons.

Thanks,
Vishal[MSFT]
--
This posting is provided "AS IS" with no warranties, and confers no rights
izael said:
Hi everyone, just a silly question,

Does anybody know why does the Microsoft Certification Authoritie does
NOT by default install the root-certification-path in the
trusted-root-certificates folder of the local-computer-store?...

When I install a certificates for L2TP VPN using the web enrrolment
service of a Microsoft CA, I have to manually move the certificate
from the USER trusted-root-certificates folder to the LOCAL-COMPUTER
trusted-root-certificates folder,

I have read many posts of people doing the same in order to make L2TP
VPN connections work, I only want to know if this behavior is normal,
or is there anythig I could do in order to fix this issue?... thaks in
advance
Click to expand...
Click to expand...
 
Root CA certificate should be distributed by Group Policy mechanism or using
some startup script (using capicom). For StandAlone or Workgroup machines,
you should get user to manually put the certificate in the machine's root
store.

Thanks,
Vishal[MSFT]

--
This posting is provided "AS IS" with no warranties, and confers no rights
izael said:
thaks David and Vishal for your, but ....

I installed our fist microsoft L2TP VPN in 2001, and in that time the
CA does automatically added itself to the trusted root store, I
reinstalled the server in 2003, and it doesn´t do it anymore... and
my boss is asking me why?......

Do you know if this feature was added in a service pack? because I
really can´t figure out what happed, I follow exactly the same
procedure that I used in 2001... I´m proposing to use microsoft CA
for wireless authentication, but I need to clarify this issue before
or my boss will not autorice it, coul you please help me????

Thaks in advance for your time, I would really apreciate a tip


Vishal Agarwal said:
Web Enrollment won't allow you to install certificate in the Local Machine
Root store because of security reasons.

Thanks,
Vishal[MSFT]
--
This posting is provided "AS IS" with no warranties, and confers no rights
izael said:
Hi everyone, just a silly question,

Does anybody know why does the Microsoft Certification Authoritie does
NOT by default install the root-certification-path in the
trusted-root-certificates folder of the local-computer-store?...

When I install a certificates for L2TP VPN using the web enrrolment
service of a Microsoft CA, I have to manually move the certificate
from the USER trusted-root-certificates folder to the LOCAL-COMPUTER
trusted-root-certificates folder,

I have read many posts of people doing the same in order to make L2TP
VPN connections work, I only want to know if this behavior is normal,
or is there anythig I could do in order to fix this issue?... thaks in
advance
Click to expand...
Click to expand...
Click to expand...
 
Back
Top