Questions tagged [ad-certificate-services]

Active Directory Certificate Services is a role first made available in Windows Server 2008. Previously it was known as Certificate Services.

Active Directory Certificate Services is a set of Microsoft technologies for building a public key infrastructure (PKI).

Documentation specific to Active Directory Certificate Services is collated at http://social.technet.microsoft.com/wiki/contents/articles/windows-pki-documentation-reference-and-library.aspx

242 questions
2 votes, 2 answers

ADCS - How can I diagnose the exact reason a certificate request was denied by a policy module?

I need to develop operational procedures to audit and understand why a specific request was rejected by an Active Directory Certificate Services (ADCS) Policy Module. I've attempted turning on all logging (checkboxes) in the GUI, and checked the…
makerofthings7
2 votes, 0 answers

Does the Windows Certification Authority support CMC Requests with CRMF Request Body?

I have a program that generates CMC certificate requests with a CRMF Request Body. When I submit this request to a certification authority running on Windows Server 2008 R2 Enterprise it always fails with the error ASN1 corrupted data. 0x80093103…
Reboot
2 votes, 2 answers

Can a Windows Server CA separate code-signing keys from keys for other purposes?

I am a software developer. My team encrypts the sensitive sections of our ASP.NET web.config files. aspnet_regiis.exe is used to manage the local key store, encrypt and decrypt. I want to build a quick key-manager tool to avoid remembering its…
2 votes, 1 answer

Microsoft offline root CA CDP and AIA http URLs are hard coded - trouble ahead?

I'm new with ADCS, and there is a lot to understand. I set up a 2-tier PKI, and have placed the offline root CA certificate (CRT) and CRL files on a web server pointing to with a CNAME in DNS. When I configured the CDP and AIA extensions for certs…
2 votes, 1 answer

How to set up SSL for Active Directory?

I have a Windows 2008 Server (Base2) machine. In Server Manager > Roles, I can see: 1. Active Directory Domain Services 2. DNS Server 3. Active Directory Certificate Services. Under Active Directory Certificate Services > mydomain > Issued…
2 votes, 0 answers

Unable to request new certificate: access denied. (2008 R2)

When trying to request a new certificate for DomainControllerAuthentication from our DC designated as the CA, we keep receiving an access denied error. The following events are generated in the event viewer: Log Name: Application Source: …
2 votes, 1 answer

Missing subject field values in user certificate (Windows)

I am trying to enroll (on behalf of) a user certificate but certain fields appear to be missing in the subject field. Specifically, O and OU. Using ADSI, I see that the fields have the values I want but when I generate the certificate using Enroll…
2 votes, 1 answer

Unable to submit certificate request to 2k8R2 CA

I have created a two-tier CA using Windows Server 2008 R2. The .inf files used to create this standalone root and an enterprise subCA are at the end of this post. The root is installed OK and issued a certificate to the SubCA. The SubCA has in turn…
2 votes, 1 answer

Migrating from a standalone to enterprise CA

I want a peaceful transition from an old standalone CA into an enterprise CA. I am intending to offline the server on completion of this process. My thought process is to publish a CRL with a long window on the standalone CA and stop the…
Tim Brigham
2 votes, 3 answers

Run `certutil -DCInfo` on a different target domain

It seems that running certutil.exe -DCInfo Verify will check the certificates for all domain controllers in the domain of the logged-in user account. In our AD forest, we have a handful of domains. I only have a unique account in two of them, but…
2 votes, 2 answers

Domain Controller promotion and certificate autoenrollment

I have this AD domain where a Windows Server 2003 SP2 Enterprise Root Certification Authority is operational, and certificate autoenrollment is enabled both for users and computers; all fine and good, every domain-joined computer automatically gets…
2 votes, 1 answer

PKI Issuing CA on Domain Controllers

I am setting up a PKI which will initially be used internally. As we may grow our use of this I have opted for a three tier hierarchy - Offline Root and Policy CAs (one Policy CA at the moment for internal use), and online issuing CAs. We had…
dunxd
2 votes, 1 answer

Using an AD-integrated Enterprise CA to issue an Exchange 2010 certificate

I have a small test network that includes Win2k8 R2 machines, an Enterprise CA server and an Exchange 2010 SP1 RU1 CAS server. I would like to issue a certificate for Exchange from the CA. As the first step, I created the certificate request, which…
2 votes, 1 answer

How to set the lifetime of a CA certificate?

I'm trying to install a subordinate CA with Microsoft ADCS and when I do, it creates a .req file. Then I use that at the root CA to issue a certificate. The resulting certificate is always for 5 years. I want it to be 10. I have tried setting…
Roman
2 votes, 2 answers

No certificate templates in Certificate Services server on Windows 2019

There are a lot of discussions on here about this problem, and I have spent all day exploring every one of them. All the servers involved in this are Windows 2019. 2 domain controllers and a certificate authority server. After installing the…