For submitting arbitrary cert requests, you can use certreq.exe - that gives you the most flexibility.
Depending on the situation, there may be other options. As Desmond asked - why do you need a "Computer" certificate? That can generally be auto-enrolled by computers as required. As you looking for a server authentication certificate? In the web site, that's called a web server cert. Cheers Ken From: Sean Rector [mailto:[email protected]] Sent: Wednesday, 23 September 2009 10:15 PM To: NT System Admin Issues Subject: RE: PKI, Windows Server 2008 R2 DE - computer certs problem Permissions were definitely the issue - I was running IE as myself, instead of as an Admin. Now...what is the alternate method you speak of for submitting (& retrieving) a Client/Server Authentication certificate - I can't seem to find a walk-through of how it's done on Server 2008 R2 & my google-fu is failing me? I can find lots of walk-throughs on Server 2003. This - http://www.windowsnetworking.com/articles_tutorials/Vista-Windows-Server-2008-Advanced-Certificate-Request-Wizard.html - does not match what I am seeing, especially in Figure 23, as my certrqxt.asp has the templates drop-down and Computer is not an option. Sean Rector, MCSE From: Ken Schaefer [mailto:[email protected]] Sent: Tuesday, September 22, 2009 8:14 PM To: NT System Admin Issues Subject: RE: PKI, Windows Server 2008 R2 DE - computer certs problem Look at the permissions on the actual certificate template in question. You are looking for accounts that are "permitted to enrol" that type of certificate. My guess is that you are looking for a "server authentication" certificate (what the website says is a web server certificate). If you access the page as an Administrator (or alter the permissions of the cert tempaltes) then you'll see this template as an available option. NOTE: v3 templates do not show up on the website enrolment page. You have to request them using an alternate method. Cheers Ken From: Sean Rector [mailto:[email protected]] Sent: Tuesday, 22 September 2009 11:46 PM To: NT System Admin Issues Subject: PKI, Windows Server 2008 R2 DE - computer certs problem Hello, We've recently install two Windows Server 2008 Datacenter Edition servers for Hyper-V hosts, AD, and AD Cert. Services. One of the servers holds the FSMO roles and the other is the CA. The problem I've run into is in the Web app for submitting certificate requests. I've successfully created the request on the workstation (mine...to test it), but when I get to the web page for pasting the text of the request, there is only Basic EFS or User in the dropdown for Certificate Template. How do I get Computer (or the Windows Server 2008 Enterprise version) to show up as a possible template in the drop-down? Sean Rector, MCSE Information Technology Manager Virginia Opera Association E-Mail: [email protected]<mailto:[email protected]> Phone: (757) 213-4548 (direct line) Information Technology Manager Virginia Opera Association E-Mail: [email protected]<mailto:[email protected]> Phone: (757) 213-4548 (direct line) {+} Virginia Opera's 35th Anniversary Season<http://www.vaopera.org> The One You Love Celebrate with a 2009-2010 Subscription: La Bohème<http://www.vaopera.org/html/currentoperas/opera1.cfm>, The Daughter of the Regiment<http://www.vaopera.org/html/currentoperas/opera2.cfm>, Don Giovanni<http://www.vaopera.org/html/currentoperas/opera3.cfm> and Porgy and BessSM<http://www.vaopera.org/html/currentoperas/opera4.cfm> Visit us online at www.vaopera.org<http://www.vaopera.org> or call 1-866-OPERA-VA The vision of Virginia Opera is to enrich lives through the powerful integration of music, voice and human drama ________________________________ This e-mail and any attached files are confidential and intended solely for the intended recipient(s). Unless otherwise specified, persons unnamed as recipients may not read, distribute, copy or alter this e-mail. Any views or opinions expressed in this e-mail belong to the author and may not necessarily represent those of Virginia Opera. Although precautions have been taken to ensure no viruses are present, Virginia Opera cannot accept responsibility for any loss or damage that may arise from the use of this e-mail or attachments. {*} ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
