Last post Aug 14, 2008 07:33 PM by Benderover
Jul 23, 2008 12:19 AM|tom11011|LINK
On DNS01, browse to http://PKIRoot/certsrv. Select Request a Certificate, and then select
Advanced certificate request.
Select Create and submit a request to this CA.
Select Web Server template as the certificate template.
In the Identifying Information For Offline Template section, enter the IP address of the DNS01 server for the
Fill in other fields in the Identifying Information For Offline Template section as appropriate for your organization.
In Keys Options, select the Store certificate in the local computer certificate store check box. Accept all other defaults.
In the Friendly Name box (at the bottom of the form), enter the IP address of the DNS01 server.
Follow the on-screen instructions to complete the certificate installation.
Jul 23, 2008 09:49 PM|tom11011|LINK
I know the product is new, but if someone can let me know if they have installed the certificate and actually had the choice "web server template" that could be helpful.
Jul 23, 2008 11:19 PM|tom11011|LINK
I believe I solved it, it's an IIS permissions issue on the cert server. Found this.
Web pages on an enterprise certification authority (CA) either don't generate certificates or generate certificates that are not valid.
Cause: For an enterprise CA, Web pages require that the user be authenticated. If the pages are set to allow anonymous connections, then the CA will either not generate certificates or will generate certificates that are not valid.
Solution: See Set security for access to certification authority Web pages.
The link than points you too....
Set security for access to certification authority Web pages
Updated: January 21, 2005
To set security for access to certification authority Web pages
Log on to the system as an Internet Information Services Administrator.
Click Start, point to Programs, point to Administrative Tools, and then click Internet Information Services.
In the console tree, right-click CertSrv, and click Properties.
• Internet Information Services/Computer Name/Web Sites/Default Web Site/CertSrv
On the Directory Security tab, under Anonymous access and authentication control, click Edit.
Clear all check boxes exceptIntegrated Windows authentication.
Aug 14, 2008 07:33 PM|Benderover|LINK
This is not a requirement to hmc working properly. You can skip this without a hassle. I would also be careful about using the DNS client and using a control panel to populate the fields. In the past (not sure about this version) DNS has been known to leave
objects behind and unable to remove the organization.