Announcement

Collapse
No announcement yet.

Problem in MS Windows Server 2008 3 tier PKI

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Problem in MS Windows Server 2008 3 tier PKI

    Hi,
    I have setup a three(3) tier windows server 2008 enterprise PKI infrastructure . Every thing is working fine but the main problem is that that we can not generate/request a certificate from a PC on a workgroup i.e. certifcate can be only generated/requested from a PC which is a part of the same domain as Online CA.
    I have already added the certificate chain under the trusted root authourity.
    If any one has any idea then please help.

    with regards,

  • #2
    Re: Problem in MS Windows Server 2008 3 tier PKI

    And what doesn't work exactly?
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
    "No matter how secure, there is always the human factor."

    "Enjoy life today, tomorrow may never come."
    "If you're going through hell, keep going. ~Winston Churchill"

    Comment


    • #3
      Re: Problem in MS Windows Server 2008 3 tier PKI

      HI,
      sorry for late replying,
      The main problem is that we cannot generate/request certificate from a PC on a workgroup, certificate can only be requested/generated from PC on that is on that same domain on which the Online CA is.

      Comment


      • #4
        Re: Problem in MS Windows Server 2008 3 tier PKI

        How do you request a certificate? Using a webbrowser or using a MMC snapin?
        Marcel
        Technical Consultant
        Netherlands
        http://www.phetios.com
        http://blog.nessus.nl

        MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
        "No matter how secure, there is always the human factor."

        "Enjoy life today, tomorrow may never come."
        "If you're going through hell, keep going. ~Winston Churchill"

        Comment


        • #5
          Re: Problem in MS Windows Server 2008 3 tier PKI

          Hi,
          I request a certificate using a web browser.

          Comment


          • #6
            Re: Problem in MS Windows Server 2008 3 tier PKI

            Off the top of my head, I'm pretty sure that the website uses Integrated Windows Authentication, so will only allow Domain Members to connect to it. Anytime I've had to generate certificates for non-domain members I've done it from the command line using the certreq command.
            BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
            sigpic
            Cruachan's Blog

            Comment


            • #7
              Re: Problem in MS Windows Server 2008 3 tier PKI

              Hi,
              Thanks for the reply,
              I will try certreq command, but what about the end users, i.e. certreq cannot be used by everyone in the organization,web browser is an easy method.

              Comment


              • #8
                Re: Problem in MS Windows Server 2008 3 tier PKI

                Have anyone implemented PKI on windows 2008 at enterprise Level?

                Comment


                • #9
                  Re: Problem in MS Windows Server 2008 3 tier PKI

                  Besides my lab I haven't.
                  It doesn't really sell that great sadly enough... However, in Enterprises usually the deployment is done by GPO's and autoenrollment.

                  Disableing Integrated Authentication should do the trick for non domain members.
                  Marcel
                  Technical Consultant
                  Netherlands
                  http://www.phetios.com
                  http://blog.nessus.nl

                  MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
                  "No matter how secure, there is always the human factor."

                  "Enjoy life today, tomorrow may never come."
                  "If you're going through hell, keep going. ~Winston Churchill"

                  Comment

                  Working...
                  X