Enterprise Certificate Authority and Computer Certificates

[Chris Vain]

I'm working on a using Microsoft (Windows2000)
Certificate Services as a certificate authority for PEAP
with IAS. I'm using Group Policy to automatically
distribute computer certificates to domain computers and
everything is working fine.

My one problem is the use of certificates for non domain
computers. I can't work out how or if its possible to
request a computer certificate manually.

Does anyone have any ideas ?

Thanks,
Chris

 

[Steven Umbach]

You will need to use Web Enroll and enable the offline ipsec template [I think,
it is needed for l2tp] in the Certificate Authority Management Console under
policy settings. The user requesting the certificate needs to have local
administrator credentials and the CA certificate will also need to be requested
and installed. See the links below for more info. -- Steve

http://www.microsoft.com/windows2000/techinfo/planning/security/cawebsteps.asp
http://support.microsoft.com/default.aspx?scid=kb;en-us;253498 --- may be of
help.

 

[David Cross [MS]]

use the ipsec offline router template

--


David B. Cross [MS]

--
This posting is provided "AS IS" with no warranties, and confers no rights.

http://support.microsoft.com

You will need to use Web Enroll and enable the offline ipsec template [I think,
it is needed for l2tp] in the Certificate Authority Management Console under
policy settings. The user requesting the certificate needs to have local
administrator credentials and the CA certificate will also need to be requested
and installed. See the links below for more info. -- Steve

http://www.microsoft.com/windows2000/techinfo/planning/security/cawebsteps.asp
http://support.microsoft.com/default.aspx?scid=kb;en-us;253498 --- may be of
help.

I'm working on a using Microsoft (Windows2000)
Certificate Services as a certificate authority for PEAP
with IAS. I'm using Group Policy to automatically
distribute computer certificates to domain computers and
everything is working fine.

My one problem is the use of certificates for non domain
computers. I can't work out how or if its possible to
request a computer certificate manually.

Does anyone have any ideas ?

Thanks,
Chris

 

[Steven L Umbach]

Thank your for that info David. -- Steve

use the ipsec offline router template

--


David B. Cross [MS]

--
This posting is provided "AS IS" with no warranties, and confers no rights.

http://support.microsoft.com

You will need to use Web Enroll and enable the offline ipsec template [I think,
it is needed for l2tp] in the Certificate Authority Management Console under
policy settings. The user requesting the certificate needs to have local
administrator credentials and the CA certificate will also need to be requested
and installed. See the links below for more info. -- Steve

http://www.microsoft.com/windows2000/techinfo/planning/security/cawebsteps.asp
http://support.microsoft.com/default.aspx?scid=kb;en-us;253498 --- may be of
help.

I'm working on a using Microsoft (Windows2000)
Certificate Services as a certificate authority for PEAP
with IAS. I'm using Group Policy to automatically
distribute computer certificates to domain computers and
everything is working fine.

My one problem is the use of certificates for non domain
computers. I can't work out how or if its possible to
request a computer certificate manually.

Does anyone have any ideas ?

Thanks,
Chris

 

[Chris Vain]

Thanks,

I've loaded up both the Router Offline Template and the
IPSec Offline template. However, I'm running into an
error when trying to request a certificate via the Web:

"
Error


Your request failed. An error occurred while the server
was processing your request.

Contact your administrator for further assistance.



Failed to create 'CertificateAuthority.Request' object.
"

Ideas ?

Thanks,
Chris

-----Original Message-----
use the ipsec offline router template

--


David B. Cross [MS]

--
This posting is provided "AS IS" with no warranties, and confers no rights.

http://support.microsoft.com

You will need to use Web Enroll and enable the offline

ipsec template [I
think,

it is needed for l2tp] in the Certificate Authority

Management Console
under

policy settings. The user requesting the certificate needs to have local
administrator credentials and the CA certificate will

also need to be
requested

and installed. See the links below for more info. -- Steve

http://www.microsoft.com/windows2000/techinfo/planning/se curity/cawebsteps.asp
http://support.microsoft.com/default.aspx?scid=kb;en-

us;253498 --- may be
of

help.

.

 

[Chris Vain]

Thanks,

I've loaded up both the Router Offline Template and the
IPSec Offline template. However, I'm running into an
error when trying to request a certificate via the Web:

"
Error


Your request failed. An error occurred while the server
was processing your request.

Contact your administrator for further assistance.



Failed to create 'CertificateAuthority.Request' object.
"

Ideas ?

Thanks,
Chris

-----Original Message-----
You will need to use Web Enroll and enable the offline ipsec template [I think,
it is needed for l2tp] in the Certificate Authority Management Console under
policy settings. The user requesting the certificate needs to have local
administrator credentials and the CA certificate will also need to be requested
and installed. See the links below for more info. -- Steve

http://www.microsoft.com/windows2000/techinfo/planning/se

curity/cawebsteps.asp
http://support.microsoft.com/default.aspx?scid=kb;en- us;253498 --- may be of
help.

I'm working on a using Microsoft (Windows2000)
Certificate Services as a certificate authority for PEAP
with IAS. I'm using Group Policy to automatically
distribute computer certificates to domain computers and
everything is working fine.

My one problem is the use of certificates for non domain
computers. I can't work out how or if its possible to
request a computer certificate manually.

Does anyone have any ideas ?

Thanks,
Chris

.

 

[Steven L Umbach]

Hi Chris.

I have not had that problem, but a Google search found the link below of
something to try that was mentioned in a couple of places and basically says
to: Hope it helps. --- Steve

- Open Internet Service Manager
- Go to the properties page for the site where the certsrv is installed.
- Go to Home Directory tab. Under Application Settings click the
Configuration
button.
- Go to the App Options tab and check Enable Session State.
- Restart IIS service.


http://www.derkeiler.com/Newsgroups/microsoft.public.windows.server.security/2003-10/0058.html

Thanks,

I've loaded up both the Router Offline Template and the
IPSec Offline template. However, I'm running into an
error when trying to request a certificate via the Web:

"
Error


Your request failed. An error occurred while the server
was processing your request.

Contact your administrator for further assistance.



Failed to create 'CertificateAuthority.Request' object.
"

Ideas ?

Thanks,
Chris

-----Original Message-----
You will need to use Web Enroll and enable the offline ipsec template [I think,
it is needed for l2tp] in the Certificate Authority Management Console under
policy settings. The user requesting the certificate needs to have local
administrator credentials and the CA certificate will also need to be requested
and installed. See the links below for more info. -- Steve

http://www.microsoft.com/windows2000/techinfo/planning/se

curity/cawebsteps.asp
http://support.microsoft.com/default.aspx?scid=kb;en- us;253498 --- may be of
help.

I'm working on a using Microsoft (Windows2000)
Certificate Services as a certificate authority for PEAP
with IAS. I'm using Group Policy to automatically
distribute computer certificates to domain computers and
everything is working fine.

My one problem is the use of certificates for non domain
computers. I can't work out how or if its possible to
request a computer certificate manually.

Does anyone have any ideas ?

Thanks,
Chris

.