T
Tim D
Problem:
After installing the Certificate Services Web enrollment pages update
KB922706 on Windows Server 2003 the “install this CA certificate†link
generates an invalid security certificate for Windows Vista clients.
More:
For Vista clients, the screen to install the digital certificate states that
“the Certificate you requested was issued to you†after the certificate is
issued and then provides a link to “Install this certificateâ€Â. It then lists
“This CA is not trusted. To trust certificates issued from this certification
authority, install this CA certificate.â€Â
After selecting “install this CA certificate†a file named certnew.cer is
generated. Saving or directly opening both result in an error message being
displayed with the title “invalid public key security object file†and the
message “this file is invalid for use as the following: Security Certificateâ€Â.
Steps that I’ve already taken:
The web enrollment URL was added to the trusted sites in IE7 on Vista.
I’ve tried “Run as administrator†on IE7 to make the certificate request.
SP2 has been applied on the Windows Server 2003 CA server.
The ActiveX security settings look OK.
Note:
The web enrollment continues to work for Windows XP clients.
My Current Workaround:
Exporting the Root Certificate from an XP computer and installing it on the
Vista client enabled the web enrollment process to work. Using an advanced
request and selecting a 2048 key size created a certificate that could be
installed.
Server:
Microsoft Windows Server 2003
Standard Edition
Service Pack 2
Client:
Windows Vista Enterprise
Service Pack 1
Question:
How can I get the web enrollment process to install the Root Certificate
automatically using Vista Clients without requiring the workaround?
After installing the Certificate Services Web enrollment pages update
KB922706 on Windows Server 2003 the “install this CA certificate†link
generates an invalid security certificate for Windows Vista clients.
More:
For Vista clients, the screen to install the digital certificate states that
“the Certificate you requested was issued to you†after the certificate is
issued and then provides a link to “Install this certificateâ€Â. It then lists
“This CA is not trusted. To trust certificates issued from this certification
authority, install this CA certificate.â€Â
After selecting “install this CA certificate†a file named certnew.cer is
generated. Saving or directly opening both result in an error message being
displayed with the title “invalid public key security object file†and the
message “this file is invalid for use as the following: Security Certificateâ€Â.
Steps that I’ve already taken:
The web enrollment URL was added to the trusted sites in IE7 on Vista.
I’ve tried “Run as administrator†on IE7 to make the certificate request.
SP2 has been applied on the Windows Server 2003 CA server.
The ActiveX security settings look OK.
Note:
The web enrollment continues to work for Windows XP clients.
My Current Workaround:
Exporting the Root Certificate from an XP computer and installing it on the
Vista client enabled the web enrollment process to work. Using an advanced
request and selecting a 2048 key size created a certificate that could be
installed.
Server:
Microsoft Windows Server 2003
Standard Edition
Service Pack 2
Client:
Windows Vista Enterprise
Service Pack 1
Question:
How can I get the web enrollment process to install the Root Certificate
automatically using Vista Clients without requiring the workaround?