| Author |
Message |
Anette Andresen
Guest
|
 Posted:
Fri Jan 21, 2005 4:16 pm Post subject:
Use of a customized web server certificate template with IIS |
|
|
Hi
I am running an enterprise issuing CA in a Windows Server 2003 domain. A web
server with IIS (latest version) is also running in the domain. I would like
to issue a certificate to the IIS server based on a customized web server
certificate template (version 2 certificate template) from the Issuing CA,
and I wonder if this is possible and in that case how is it done?
In the PKI book from Brian Komar with the Microsoft PKI team it is said (on
page 385): "Although you can create a version 2 certificate template based
on the Web Server certificate template to enable modification of application
policies or certificate policies, this prevents use of the Internet
Information Services (IIS) Web Server Certificate Wizard. This wizard, ., is
hard-coded to use the Web Server certificate template display name and does
not allow use of a custom version 2 certificate template."
So this means that I will not be able to use the wizard at the IIS server,
but is there a way around this so that the IIS server's certificate can be
based on my own customized web server certificate template? And if, how
should it be done?
Thanks!
Anette |
|
| Back to top |
|
 |
Miha Pihler [MVP]
Guest
|
| Posted:
Sat Jan 22, 2005 3:31 am Post subject:
Re: Use of a customized web server certificate template with |
|
|
Hi Anette,
I believe this would only apply if you selected "Send the Request
Immediately to an Online CA" in Web Server Certificate Wizard.
You still have an option to save the request to a file (you select "Prepare
the Request Now, but send it later"). Whole process is described in Brian's
book on page 389 and continues to page 393. In step 8 on page 392 you would
select template that you prepared based on Web Server Certificate
template...
I hope this helps.
--
Mike
Microsoft MVP - Windows Security
"Anette Andresen" <anette_andresen@hotmail.com> wrote in message
news:uBamXJ6$EHA.3416@TK2MSFTNGP09.phx.gbl...
| Quote: | Hi
I am running an enterprise issuing CA in a Windows Server 2003 domain. A
web server with IIS (latest version) is also running in the domain. I
would like to issue a certificate to the IIS server based on a customized
web server certificate template (version 2 certificate template) from the
Issuing CA, and I wonder if this is possible and in that case how is it
done?
In the PKI book from Brian Komar with the Microsoft PKI team it is said
(on page 385): "Although you can create a version 2 certificate template
based on the Web Server certificate template to enable modification of
application policies or certificate policies, this prevents use of the
Internet Information Services (IIS) Web Server Certificate Wizard. This
wizard, ., is hard-coded to use the Web Server certificate template
display name and does not allow use of a custom version 2 certificate
template."
So this means that I will not be able to use the wizard at the IIS server,
but is there a way around this so that the IIS server's certificate can be
based on my own customized web server certificate template? And if, how
should it be done?
Thanks!
Anette
|
|
|
| Back to top |
|
|
Anette Andresen
Guest
|
| Posted:
Tue Jan 25, 2005 2:55 pm Post subject:
Re: Use of a customized web server certificate template with |
|
|
Thanks Mike! It worked perfectly :-)
Anette
"Miha Pihler [MVP]" <mihap-news@atlantis.si> wrote in message
news:%23rTkZBAAFHA.2180@TK2MSFTNGP12.phx.gbl...
| Quote: | Hi Anette,
I believe this would only apply if you selected "Send the Request
Immediately to an Online CA" in Web Server Certificate Wizard.
You still have an option to save the request to a file (you select
"Prepare the Request Now, but send it later"). Whole process is described
in Brian's book on page 389 and continues to page 393. In step 8 on page
392 you would select template that you prepared based on Web Server
Certificate template...
I hope this helps.
--
Mike
Microsoft MVP - Windows Security
"Anette Andresen" <anette_andresen@hotmail.com> wrote in message
news:uBamXJ6$EHA.3416@TK2MSFTNGP09.phx.gbl...
Hi
I am running an enterprise issuing CA in a Windows Server 2003 domain. A
web server with IIS (latest version) is also running in the domain. I
would like to issue a certificate to the IIS server based on a customized
web server certificate template (version 2 certificate template) from the
Issuing CA, and I wonder if this is possible and in that case how is it
done?
In the PKI book from Brian Komar with the Microsoft PKI team it is said
(on page 385): "Although you can create a version 2 certificate template
based on the Web Server certificate template to enable modification of
application policies or certificate policies, this prevents use of the
Internet Information Services (IIS) Web Server Certificate Wizard. This
wizard, ., is hard-coded to use the Web Server certificate template
display name and does not allow use of a custom version 2 certificate
template."
So this means that I will not be able to use the wizard at the IIS
server, but is there a way around this so that the IIS server's
certificate can be based on my own customized web server certificate
template? And if, how should it be done?
Thanks!
Anette
|
|
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in