Questions tagged [ad-certificate-services]

Active Directory Certificate Services is a role first made available in Windows Server 2008. Previously it was known as Certificate Services.

Active Directory Certificate Services is a set of technologies from Microsoft that offer the ability to create a public key infrastructure (PKI).

Documentation specific to Active Directory Certificate Services is collated at http://social.technet.microsoft.com/wiki/contents/articles/windows-pki-documentation-reference-and-library.aspx

242 questions
3 votes, 0 answers

Windows Sub CA not issuing certificates

I set up a fresh 2-tier PKI to try and replace an old broken PKI with a CA that was no longer available. Everything seems to be working between the offline root and online issuing CAs, but now I'm trying to move my DCs Domain Controller certs from…
fwrawx
3 votes, 1 answer

Cmdlets for AD CS deployment: Install-ADcsCertificationAuthority cmdlet failing when attempting to install an offline policy CA

I installed an offline root CA without issue using this command: Install-ADcsCertificationAuthority ` -OverwriteExistingKey ` <#In the case of a re-installation#> ` -AllowAdministratorInteraction ` -CACommonName ` "LAB Corporate Root CA"…
red888
3 votes, 1 answer

Is it possible to include the private key in an openssl-generated CSR?

I'm using openssl on linux to generate a certificate signing request (CSR) that will be submitted to a Windows Certificate Services Certification Authority that has been configured to archive private keys. Unfortunately, I can't figure out how to…
John Ruiz
3 votes, 1 answer

Child domain new cert request - certificate template permissions do not allow current user to enroll 0x80094012

I have the following AD configuration: rootca (standalone not domain connected) mydom.local dc1.mydom.local svr1.mydom.local subca.mydom.local(enterprise subordinate CA) other.mydom.local dc1.other.mydom.local svr1.other.mydom.local I can…
morleyc
3 votes, 5 answers

Active Directory Certificate Services won't start - error 100

I've migrated my Active Directory Certificate services Enterprise CA to a new server (and from Windows 2003 R2 x86 to Windows 2008 R2 x64). I have been having problems with checking the Certificate Revocation Lists, but I've republished the…
Richard Gadsden
3 votes, 2 answers

Cannot issue Computer cert to standalone computer from my ECA

All Windows 2K8R2 SP1 environment. I have a working Enterprise Certificate Authority in my domain. I want to issue a Computer certificate (for Server Authentication purpose) to an external, stand-alone machine. So I add the Certification Authority…
3 votes, 1 answer

Domain Controller autoenrollment - changing issuing CA

We are cleaning up our Windows PKI/CA environment and replacing our root CA with a new server. The current root CA has been issuing the following certificate templates for years now (in addition to the Subordinate certificate template): Kerberos…
TheCleaner
3 votes, 4 answers

Deploying in-house ACME server for Microsoft ADCS?

I'm quite new to ACME, but already somewhat experienced with ADCS (Active Directory Certificate Services). We use ADCS for all our internal needs: client auth, VPN, EFS etc., also for issuing TLS certificates. Now, you may have already heard that…
StanTastic
2 votes, 1 answer

Automatically renew certificate: Old cert gets archived, but no new one is issued

We are using Active Directory Certificate Services (AD CS) to issue certificates for internal web applications. We can manually request a certificate from the CA and it gets issued without problems. The auto-enrollment group policy is configured…
2 votes, 2 answers

Certificate expiration does not match validity period in template (Windows CA)

I'm trying to request a new Bitlocker DRA certificate from my internal CA. The template is set to two years, as shown here Template I'm trying to request a new certificate via the Certificates MMC via "Personal > Certificates > All Tasks > Request…
2 votes, 1 answer

Unable to issue certificates after enabling SAN?

I have a Microsoft CA running, which does not have the SAN field enabled by default, so I have enabled it by certutil -setreg policy\EditFlags +EDITF_ATTRIBUTESUBJECTALTNAME2 Before doing so, everything worked normally. After enabling the SAN…
2 votes, 1 answer

ERR_CERT_COMMON_NAME_INVALID with internal AD CA wildcard

I have created an internal ADCS CA using this guide, and then submitted a certificate request to create a wild card certificate for my domain eds89.com. Intention behind this being to apply to some of my internally accessible test servers for access…
2 votes, 1 answer

Only one SAN when issuing certificate using Windows

I'm trying to issue a SAN application using Certificate Enrollment in Windows. I have an AD CS I'm using. I'm trying to use the Computer certificate template and in Properties I've specified multiple SANs. But, when the certificate has been issued,…
2 votes, 3 answers

How to create cross certificates (or bridge CAs) in ADCS?

I'm trying to set up a trust between 2 untrusting forests, and I'd like to use either a cross-certificate or Bridge CA solution (not using AD trusts or CEP). I've found loads of advice saying that this can be done, but I can find anything on how to…
2 votes, 0 answers

Enroll on-behalf-of certificate using existing CSR file

Good day, I have a CSR (certificate signing request) file, which was generated on some remote non-domain station. I have created some AD user account. I have Enrollment Agent certificate signed for my own account. The question is: can I somehow…