Server 2008 Certificate Signing Request

Networking/Security Forums -> Exchange 2000 // 2003 // 2007 & Active Directory

Author: vrabuffo PostPosted: Tue Dec 14, 2010 4:37 pm    Post subject: Server 2008 Certificate Signing Request
    ----
A quick question---Can a server 2003 CA sign a Server 2008 CSR.

We have a 2003 AD domain with the domain controller being the Certificate Authority. I created a CSR on a 2008 domain member using IIS.

When trying to sign the request I recieved an error--The request contains no certificate template information" I used the certreq command to finally sign it designating the "WebServer" template but not sure if thats correct.

Any feedback would be appreciated.

Author: Fire AntLocation: London PostPosted: Wed Dec 15, 2010 1:10 pm    Post subject:
    ----
vrabuffo,

On the 2003 CA Server there is a web portal for Registration Authority (RA). Upload the CSR to the RA in IIS and then the CSR will appear as an item requested certificate in the CA snap-in. Right click and sign the request.

Voila.

Fire Ant

Author: vrabuffo PostPosted: Wed Dec 15, 2010 3:59 pm    Post subject: A quick question---Can a server 2003 CA sign a Server 2008 C
    ----
Thank you, that did work to create the certificate but now I receive an error---The security certificate presented by this server was issued for a different server address.

This error appears when I use the https address via online plugin to connect to our new xenapp6 server.

Author: Fire AntLocation: London PostPosted: Thu Dec 16, 2010 12:38 pm    Post subject:
    ----
I suspect this is an issue with the CN field in the Distinguished Name attribute.

For example:
Your cert has the following: CN=myserver.com

You connect to www.myserver.com, both addresses resolve to the same IP. The browser will compare the address you typed to that in the CN and if they don't match then non-fatal error!

To fix the problem you need to either connect to the address in the CN or create a cert with a CN to the address which you app is connection to.

Fire Ant



Networking/Security Forums -> Exchange 2000 // 2003 // 2007 & Active Directory


output generated using printer-friendly topic mod, All times are GMT + 2 Hours

Page 1 of 1

Powered by phpBB 2.0.x © 2001 phpBB Group