No announcement yet.

Certificate enrollment question

  • Filter
  • Time
  • Show
Clear All
new posts

  • Certificate enrollment question

    I have been experimenting with Server 2008 R2 PKI(smart cards and EFS mostly), and so far had some success. However something seemed very..strange. I experimated with setting one of the cert. templates, the 2008 enrollment cert to require CA manager approval. I requested the certificate using the certificates MMC, and at the end it stated the request had been submitted, and there was then a certificate in "certificate enrollment requests". However, even after approving the request in the CA, it still showed in the certificate enrollment requests on the client, stating that I had the private key, but it was not trusted. I went back to the CA, and exported the binary data of the issued certificate as a .cer, and imported it on the client, and now ther certificate correctly under "personal". Is this the way the process is supposed to work, or should it have automatically completed in the MMC once I approved the certificate. My understanding is that version 2008 templates cannot be used with web enrollment, and when I checked the certificate web page, I did not see any pending certs.

    Also, how do you enroll smartcards when CA manager approval is required? Every time I tried, it would crash the mmc, after asking for the smart card pin and the cert being approved on the CA