Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [ad-certificate-services]

Active Directory Certificate Services is a role first made available in Windows Server 2008. Previously it was known as certificate services.

Active Directory Certificate Services is a set of technologies from Microsoft that offer the ability to create a PKI infrastructure.

Active Directory Certificate Services specific documentation are collated at http://social.technet.microsoft.com/wiki/contents/articles/windows-pki-documentation-reference-and-library.aspx

242 questions
1
vote
1 answer

Decommissioning PKI - How do I set a CRL Next update to null?

I am planning on deploying two Windows 2008R2 PKIs: One for legacy devices that don't support SHA-2 / ECP and another one that does support it. When the time comes to decommission the SHA1 environment I want to have the CRL next update be the last…
makerofthings7
  • 8,911
  • 34
  • 121
  • 197
1
vote
1 answer

Domain Environment + Certificate Authority + Server 2008 R2

I have recently been delegated the task to setup a CA in our domain environment and have a question on why Microsoft does somethings the way they do lol. I have been trying to read up on what the best practices are for going about this task, and…
user1110302
  • 13
  • 3
1
vote
1 answer

Using Microsoft CA to create TLS key/cert for Postfix

I'm trying to configure a postfix mailserver to use TLS encryption for SMTP (and IMAP with dovecot, but I haven't gotten to that point yet). It's running on a Fedora 14 machine and I'm using webmin to manage it. I have a Windows domain with the DC…
Eric
  • 13
  • 4
1
vote
1 answer

How to publish a CRL for an internal Windows certification authority?

I have an Active Directory domain with an Enterprise Root Certification Authority in it; the domain uses a private domain name ("domain.local"), and we also have a public domain name ("domain.com"). The domain contains the following…
Massimo
  • 70,200
  • 57
  • 200
  • 323
1
vote
1 answer

How can we clear CRL cache in Windows Server 008 using certutil command?

I know we can clear the CRL Cache in Windows Server 2008 using the certification authority UI. However, I want to automate the process and therefore looking a way to do it from command line. Is it possible using certutil or any other default…
Andy Brikshaw
  • 13
  • 1
  • 3
1
vote
1 answer

Certificate Enrollment Control has stopped working on localhost AD CA server?

I'm having strange issue with my current AD CA server, when I try to generate a certificate by using the url https://localhost/certsrv/certrqma.asp I got the following error eventhough I did the following steps: Login to the server using…
Senior Systems Engineer
  • 1,275
  • 2
  • 33
  • 62
1
vote
1 answer

powershell and remote signing

I've created a power shell script to run on start-up but its not working. I've never run a script through group policy so i don't know what the restrictions/best practices are. I've been told i need to sign the script. After some reading i think…
resolver101
  • 301
  • 3
  • 7
  • 17
1
vote
2 answers

Requesting certificates fails in different site

I'm not really sure where to start looking When requesting a certificate, a server always gets the error message "You cannot request a certificate at this time because no certificate types are available". Then for each certificate the error is "The…
marcwenger
  • 235
  • 1
  • 6
  • 21
1
vote
1 answer

Certificate issed to DC on every restart

I have installed 2 CA onto 2 Windows 2008R2 VM, one being an offline root CA and the other is intended to be the issuing CA. However I found that a DC (a 2008R2 VM) is requesting 2 certificates, namely Domain Controller Authentication and Directory…
William
  • 163
  • 1
  • 10
1
vote
3 answers

Are code signing certificates automatically trusted across the domain if the root CA is trusted?

We have a Microsoft enterprise certificate authority, and I would like to start issuing a few code signing certificates. But what I'm unsure of is this: since all our domain/forest machines trust the internal CA, when I issue code signing…
ewall
  • 1,064
  • 3
  • 15
  • 23
1
vote
1 answer

Can I remove the DC role from a W2k8 server being an Enterprise CA?

Is it possible to run a W2k8 Enterprise (AD-integrated) Certificate Authority on a server that it not a domain controller - mine currently is a DC and I do not remember whether this was a requirement? If so, can I run dcpromo to demote a server that…
Christoph
  • 309
  • 7
  • 16
1
vote
1 answer

I can't install Enterprise root CA in windows 2003

I am trying to install Enterprise CA in my windows server 2003.But I can select only stand alone root CA and the stand alone subordinate CA. Other two options are not highlighted. Can anybody give me the possible reasons for it? Thanks in advance.(I…
ashok
  • 13
  • 2
1
vote
1 answer

Server 2003 Certificate Authority

I have a Certificate Authority installed on Windows Server 2003 R2 Enterprise Edition, I am looking at auto enrollment. When I go into the Certificate Authority mmc I cannot see Certificate Templates listed and I don't have Actions => New =>…
Phil Eddies
  • 356
  • 1
  • 8
1
vote
0 answers

Change name of Win Server 2008 computer after CA install

I am importing an old certificate database into the new CA on a new server I'm installing. I am warned by Windows that I can't change the computer name, domain settings, etc., after installing the CA. However, I may need to change the name or domain…
jeffcook2150
  • 225
  • 1
  • 2
  • 7
1
vote
1 answer

Windows 2008 CA and Windows 2003 AD?

I have a Windows 2003 AD and I set up a root ca and a sub ca both of which are windows 2008(joined to domain).I need to use the sub ca to generate end user certificates for digital signature , they should be able generate from the url (self enroll).…
abmv
  • 125
  • 8
1 2 3
16 17