Announcement

Collapse
No announcement yet.

Windows Server 2003 Certificate Authority Problem

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Windows Server 2003 Certificate Authority Problem

    Hi to all.

    I installed Windows Server 2003. I installed Active directory and Enterprise Root CA. While installing Root CA i given the name for CA as "Test". If we generate Server or client certificates by this (Test) CA. Is those certificates trusted by web browsers like Firefox and Internet Explorer. The "Test" CA is not included in Trusted Authorities list of web browsers. I placed the certificates in Trusted Root Certificates Authorities Certificates folder and in Personal Certificates folder also. Is there a way to trust these certificates by browsers.

    How can i overcome this situation.

    Thanks
    Girish G

  • #2
    Re: Windows Server 2003 Certificate Authority Problem

    the certificates will only be trusted by systems within your realm.
    Even then, you may need to ensure the root certificate is installed for each browser.
    Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

    Comment


    • #3
      Re: Windows Server 2003 Certificate Authority Problem

      1. Add Test (the Enterprise Root CA cert) into Default Domain Policy, under Computer Configuration\Windows Settings\Security Settings\Public Key Policies\Trusted Root Certification Authorities. By doing so, all domain PCs will trust this CA.

      2. Ensure the Test(Root CA)'s CDP (Certificate Revocation List Distribution Point) is accessable to all users.

      3. Publish CRL (Certificate Revocation List) regularly.

      In summary, a cert is validated by:
      a. Validity period
      b. Compare the name of the server against the name in the cert
      c. Cert is termiated into a trusted root CA
      d. Along the cert chain, none of the cert has been revoked.

      Comment


      • #4
        Re: Windows Server 2003 Certificate Authority Problem

        My previous suggestion works for IE.

        For Firefox, use its options->Advanced->Encryption->View Certificates to manage its trust root CA.

        Comment

        Working...
        X