Windows Server 2008 CA

Y

Yahya

Guest
Hi,

I have installed Windows Server 2008 Enterprise Root CA and Subordinate CA.

Windows Vista based PCs enroll certificate or IE on Windows Vista is capable

for web enrollement.

Windows XP (SP2) based PCs do not enroll certficate or IE (7.0 or 6.0) on

Windows XP is not capable for web enrollment.

IE (7.0 or 6.0) on Windows XP di not work on SSL web site by signed Windows

Server 2008 CA

Mozilla Firefox on Windows XP (SP2) is working on SSL web site by signed

Windows Server 2008 CA

--

YAHYA YAZICI

MCSE-M , MCSE-S, MCTS, MCT

Morten Bilgi ve Ãletiþim Hizmetleri Ltd. Þti

Web: www.btegitim.com

Ofis: +90 212 274 69 98

Fax: +90 212 267 46 25

E-mail: yahya@btegitim.com

 
B

Brian Komar \(MVP\)

Guest
I am not sure what you are asking.

Web enrollment does typically work

First thing I do notice is that you should be using a Standalone Root CA

rather than an enterprise root CA.

You cannot take an enterprise root CA offline and there really is no sense

for a subordinate enterprise CA with an enterprise root CA.

- Do the Vista computer work for enrollment. For Vista, it is recommended to

use the Certmgr.msc console for all enroll,ment

- What about Windows XP.

Does IE work ( I do not think so, but do not have enough info to provide

you an answer)

Does certmgr.msc work

To me it sounds like you have certificate trust issues from the new CA

hierarchy

Brian

"Yahya" <yahya_yazici@hotmail.com> wrote in message

news:C32CA1D6-06B5-453E-A4E4-998C3E6D9C16@microsoft.com...<span style="color:blue">

> Hi,

> I have installed Windows Server 2008 Enterprise Root CA and Subordinate

> CA.

> Windows Vista based PCs enroll certificate or IE on Windows Vista is

> capable

> for web enrollement.

>

> Windows XP (SP2) based PCs do not enroll certficate or IE (7.0 or 6.0) on

> Windows XP is not capable for web enrollment.

>

> IE (7.0 or 6.0) on Windows XP di not work on SSL web site by signed

> Windows

> Server 2008 CA

>

> Mozilla Firefox on Windows XP (SP2) is working on SSL web site by signed

> Windows Server 2008 CA

>

>

>

> --

> YAHYA YAZICI

> MCSE-M , MCSE-S, MCTS, MCT

>

> Morten Bilgi ve Ãletiþim Hizmetleri Ltd. Þti

> Web: www.btegitim.com

> Ofis: +90 212 274 69 98

> Fax: +90 212 267 46 25

>

> E-mail: yahya@btegitim.com

>

> </span>

 
Y

Yahya

Guest
Windows xp does not work with windows server 2008 CA

I cannot install certificate using certmgr.msc and Auto Enrollment does not

work on Windows XP.

If I request certificate using certmgr.msc, I have a warning ;

---------------------------

Certificate Request Wizard

---------------------------

The wizard cannot be started because of one or more of the following

conditions:

- There are no trusted certification authorities (CAs) available.

- You do not have the permissions to request certificates from the

available CAs.

- The available CAs issue certificates for which you do not have

permissions.

---------------------------

OK

---------------------------

IE (6.0 - 7.0) on windows XP can not open SSL certificate signed by windows

server 2008 CA but Mozilla firework can.

Windows Vista is working without any problem.

Why does Windows XP work with windows server 2008 CA ?

What is the problem ?

--

YAHYA YAZICI

MCSE-M , MCSE-S, MCTS, MCT

Morten Bilgi ve Ãletiþim Hizmetleri Ltd. Þti

Web: www.btegitim.com

Ofis: +90 212 274 69 98

Fax: +90 212 267 46 25

E-mail: yahya@btegitim.com

"Brian Komar (MVP)" <brian.komar.nospam@nospam.identit.ca> wrote in message

news:uBp9y%23RlIHA.1204@TK2MSFTNGP03.phx.gbl...<span style="color:blue">

>I am not sure what you are asking.

> Web enrollment does typically work

> First thing I do notice is that you should be using a Standalone Root CA

> rather than an enterprise root CA.

> You cannot take an enterprise root CA offline and there really is no sense

> for a subordinate enterprise CA with an enterprise root CA.

> - Do the Vista computer work for enrollment. For Vista, it is recommended

> to use the Certmgr.msc console for all enroll,ment

> - What about Windows XP.

> Does IE work ( I do not think so, but do not have enough info to

> provide you an answer)

> Does certmgr.msc work

>

> To me it sounds like you have certificate trust issues from the new CA

> hierarchy

> Brian

>

> "Yahya" <yahya_yazici@hotmail.com> wrote in message

> news:C32CA1D6-06B5-453E-A4E4-998C3E6D9C16@microsoft.com...<span style="color:green">

>> Hi,

>> I have installed Windows Server 2008 Enterprise Root CA and Subordinate

>> CA.

>> Windows Vista based PCs enroll certificate or IE on Windows Vista is

>> capable

>> for web enrollement.

>>

>> Windows XP (SP2) based PCs do not enroll certficate or IE (7.0 or 6.0) on

>> Windows XP is not capable for web enrollment.

>>

>> IE (7.0 or 6.0) on Windows XP di not work on SSL web site by signed

>> Windows

>> Server 2008 CA

>>

>> Mozilla Firefox on Windows XP (SP2) is working on SSL web site by

>> signed

>> Windows Server 2008 CA

>>

>>

>>

>> --

>> YAHYA YAZICI

>> MCSE-M , MCSE-S, MCTS, MCT

>>

>> Morten Bilgi ve Ãletiþim Hizmetleri Ltd. Þti

>> Web: www.btegitim.com

>> Ofis: +90 212 274 69 98

>> Fax: +90 212 267 46 25

>>

>> E-mail: yahya@btegitim.com

>>

>></span>

> </span>

 
P

Paul Adare

Guest
On Thu, 3 Apr 2008 10:23:48 +0300, Yahya wrote:

<span style="color:blue">

> Windows xp does not work with windows server 2008 CA</span>

It actually does.

<span style="color:blue">

>

> I cannot install certificate using certmgr.msc and Auto Enrollment does not

> work on Windows XP.

>

> If I request certificate using certmgr.msc, I have a warning ;

>

> ---------------------------

> Certificate Request Wizard

> ---------------------------

> The wizard cannot be started because of one or more of the following

> conditions:

> - There are no trusted certification authorities (CAs) available.

> - You do not have the permissions to request certificates from the

> available CAs.

> - The available CAs issue certificates for which you do not have

> permissions.

> ---------------------------

> OK

> ---------------------------</span>

Is the XP system joined to the domain? Any errors in the event viewer on

the XP computer?

<span style="color:blue">

>

>

> IE (6.0 - 7.0) on windows XP can not open SSL certificate signed by windows

> server 2008 CA but Mozilla firework can.</span>

What does this mean exactly that XP can't open an SSL certificate? Errors?

<span style="color:blue">

>

> Windows Vista is working without any problem.

>

> Why does Windows XP work with windows server 2008 CA ?

> What is the problem ?</span>

There could be tons of reasons you're having these problems but without

more detail resolving them is going to be a challenge.

--

Paul Adare

http://www.identit.ca

LISP: To call a spade a thpade.

 
Y

Yahya

Guest
I have Installed four virtual machine

Server1 = Domain Controller

Server2 = EnterpriseSubordinate

Server3 = Enterprise Root CA (not instelled web enrollment)

Client1 = Windows XP Professional (SP2)

All servers are Windows Server 2008 Enterprise Editions.

domain name = yahya.local

On Default Domain Policy;

Under Computer Configuration > Policies > Windows Settings > Security

Settings > Publickey Policies

Certtifcate Services Client - Auto - Enrollment (enabled)

Also I imported Root and Intermediate Certifacates to ;

Under Computer Configuration > Policies > Windows Settings > Security

Settings > Publickey Policies > Trusted Root Certification Authorities

Under Computer Configuration > Policies > Windows Settings > Security

Settings > Publickey Policies > Intermediate Certification Authorities

Under Computer Configuration > Policies > Windows Settings > Security

Settings > Publickey Policies > Automatic Certificate Request Settings;

Computer,

Domain Controller,

Enrollment Agent

Under User Configuration > Policies > Windows Settings > Security Settings >

Publickey Policies >

Certtifcate Services Client - Auto - Enrollment (Enabled)

On windows XP ;

If I request certificate using certmgr.msc, I have a warning ;

---------------------------

Certificate Request Wizard

---------------------------

The wizard cannot be started because of one or more of the following

conditions:

- There are no trusted certification authorities (CAs) available.

- You do not have the permissions to request certificates from the

available CAs.

- The available CAs issue certificates for which you do not have

permissions.

---------------------------

OK

---------------------------

On windows Xp,

I opened IE 7.0 and wrote http://server2/certsrv to take a certifcate,

after certificate generated, I have pushed "Install Certficate" but not

installed

I have a error ;

---------------------------

Windows Internet Explorer

---------------------------

Unable to install the certificate:

Error: 0x80091002

---------------------------

OK

---------------------------

If I try to take a certificate using mozilla firefox, it is working

properly, install the certificate.

If i sign a website using windows server 2008 CA , I an not reach using IE

7.0 on windows XP, but mozilla is working.

What Sould I do ?

I I make a mistake, Where?

--

YAHYA YAZICI

MCSE-M , MCSE-S, MCTS, MCT

Morten Bilgi ve Ä°letiÅŸim Hizmetleri Ltd. Åžti

Web: www.btegitim.com

Ofis: +90 212 274 69 98

Fax: +90 212 267 46 25

E-mail: yahya@btegitim.com

"Paul Adare" <pkadare@gmail.com> wrote in message

news:jadvfkzjh8l0.1x8jhnhsan8py$.dlg@40tude.net...<span style="color:blue">

> On Thu, 3 Apr 2008 10:23:48 +0300, Yahya wrote:

><span style="color:green">

>> Windows xp does not work with windows server 2008 CA</span>

>

> It actually does.

><span style="color:green">

>>

>> I cannot install certificate using certmgr.msc and Auto Enrollment does

>> not

>> work on Windows XP.

>>

>> If I request certificate using certmgr.msc, I have a warning ;

>>

>> ---------------------------

>> Certificate Request Wizard

>> ---------------------------

>> The wizard cannot be started because of one or more of the following

>> conditions:

>> - There are no trusted certification authorities (CAs) available.

>> - You do not have the permissions to request certificates from the

>> available CAs.

>> - The available CAs issue certificates for which you do not have

>> permissions.

>> ---------------------------

>> OK

>> ---------------------------</span>

>

> Is the XP system joined to the domain? Any errors in the event viewer on

> the XP computer?

><span style="color:green">

>>

>>

>> IE (6.0 - 7.0) on windows XP can not open SSL certificate signed by

>> windows

>> server 2008 CA but Mozilla firework can.</span>

>

> What does this mean exactly that XP can't open an SSL certificate? Errors?

><span style="color:green">

>>

>> Windows Vista is working without any problem.

>>

>> Why does Windows XP work with windows server 2008 CA ?

>> What is the problem ?</span>

>

> There could be tons of reasons you're having these problems but without

> more detail resolving them is going to be a challenge.

>

> --

> Paul Adare

> http://www.identit.ca

> LISP: To call a spade a thpade. </span>

 
You must log in or register to reply here.
Top Bottom