Certificate Web Enrollment (Server 2003 and Vista)

[Guest Tim D]

Problem:

After installing the Certificate Services Web enrollment pages update

KB922706 on Windows Server 2003 the “install this CA certificate†link

generates an invalid security certificate for Windows Vista clients.

 

More:

For Vista clients, the screen to install the digital certificate states that

“the Certificate you requested was issued to you†after the certificate is

issued and then provides a link to “Install this certificateâ€Â. It then lists

“This CA is not trusted. To trust certificates issued from this certification

authority, install this CA certificate.â€Â

 

After selecting “install this CA certificate†a file named certnew.cer is

generated. Saving or directly opening both result in an error message being

displayed with the title “invalid public key security object file†and the

message “this file is invalid for use as the following: Security Certificateâ€Â.

 

Steps that I’ve already taken:

The web enrollment URL was added to the trusted sites in IE7 on Vista.

I’ve tried “Run as administrator†on IE7 to make the certificate request.

SP2 has been applied on the Windows Server 2003 CA server.

The ActiveX security settings look OK.

 

Note:

The web enrollment continues to work for Windows XP clients.

 

My Current Workaround:

Exporting the Root Certificate from an XP computer and installing it on the

Vista client enabled the web enrollment process to work. Using an advanced

request and selecting a 2048 key size created a certificate that could be

installed.

 

Server:

Microsoft Windows Server 2003

Standard Edition

Service Pack 2

 

Client:

Windows Vista Enterprise

Service Pack 1

 

Question:

How can I get the web enrollment process to install the Root Certificate

automatically using Vista Clients without requiring the workaround?