Re: Certificate Server help needed

Hello Glenn,

I will crosspost this to:
microsoft.public.windows.server.security

Also think about using this forum:
http://social.technet.microsoft.com/...curity/threads

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> I'm going through a process on a non-windows server, but one that is
> part of the domain, to get a certificate from our domain's certificate
> server.
>
> It doesn't prompt you for the FQDN, OU, location, etc., instead it has
> you enter the "LDAP entries required by your CA" in a field the
> software calls "Distinguished Name".
>
> It gives an example of
> cn=myaeserver.example.com,ou=myOrganizationalUnit, o=examplecorp,L=Spri
> ngfield,ST=Illinois,C=US
>
> I've tried, a few times, changing that line to my information, going
> through the request a certificate, import it, etc., but instead of it
> showing up as being used to the FQDN, it shows up as being issued to
> me (personally, my last name, first name shows up). I don't even
> include that in the Distinguished Name field, so it must pull it from
> my login.
>
> How can I request a certificate in this format so it will issue it to
> my FQDN?
>
> Thanks in advance,
> Glen

>> I'm going through a process on a non-windows server, but one that is
>> part of the domain, to get a certificate from our domain's certificate
>> server.
>>
>> It doesn't prompt you for the FQDN, OU, location, etc., instead it has
>> you enter the "LDAP entries required by your CA" in a field the
>> software calls "Distinguished Name".
>>
>> It gives an example of
>> cn=myaeserver.example.com,ou=myOrganizationalUnit, o=examplecorp,L=Spri
>> ngfield,ST=Illinois,C=US
>>
>> I've tried, a few times, changing that line to my information, going
>> through the request a certificate, import it, etc., but instead of it
>> showing up as being used to the FQDN, it shows up as being issued to
>> me (personally, my last name, first name shows up). I don't even
>> include that in the Distinguished Name field, so it must pull it from
>> my login.
>>
>> How can I request a certificate in this format so it will issue it to
>> my FQDN?
>>
>> Thanks in advance,
>> Glenn
>
>

Hi,

can you be more specific on how you are requesting a certificate. Please include
at least these information.

1. How is the request generated (what application is used).
2. How is the request submitted to CA.
3. Do you use enterprise or standalone certificate server.
4. If you use enterprise certificate server, what kind of certificate template
are you enrolling.

Regards

Martin

--
Replace nospam with google's mail for e-mail communication

To answer your questions,

1) I am generating the request using Avaya Application Enablement Services.
It generates the code at the end (---Begin Certificate----, etc.) which I
copy to the clipboard.
2) I then go to http://myserver/certsrv and click "Request a certificate",
then "advanced certificate request", then "Submit a certificate request by
using a base-64..." I then paste the clipboard into the saved request area
and click submit. I download it as base 64
3) Standalone certificate server (as far as I can tell).

Thanks.


"Martin Rublik" <> wrote in message
news:%....
>>> I'm going through a process on a non-windows server, but one that is
>>> part of the domain, to get a certificate from our domain's certificate
>>> server.
>>>
>>> It doesn't prompt you for the FQDN, OU, location, etc., instead it has
>>> you enter the "LDAP entries required by your CA" in a field the
>>> software calls "Distinguished Name".
>>>
>>> It gives an example of
>>> cn=myaeserver.example.com,ou=myOrganizationalUnit, o=examplecorp,L=Spri
>>> ngfield,ST=Illinois,C=US
>>>
>>> I've tried, a few times, changing that line to my information, going
>>> through the request a certificate, import it, etc., but instead of it
>>> showing up as being used to the FQDN, it shows up as being issued to
>>> me (personally, my last name, first name shows up). I don't even
>>> include that in the Distinguished Name field, so it must pull it from
>>> my login.
>>>
>>> How can I request a certificate in this format so it will issue it to
>>> my FQDN?
>>>
>>> Thanks in advance,
>>> Glenn
>>
>>
>
> Hi,
>
> can you be more specific on how you are requesting a certificate. Please
> include
> at least these information.
>
> 1. How is the request generated (what application is used).
> 2. How is the request submitted to CA.
> 3. Do you use enterprise or standalone certificate server.
> 4. If you use enterprise certificate server, what kind of certificate
> template
> are you enrolling.
>
> Regards
>
> Martin
>
> --
> Replace nospam with google's mail for e-mail communication

Problem solved. I needed to use the web server template.


"Glenn" <> wrote in message
news:...
> To answer your questions,
>
> 1) I am generating the request using Avaya Application Enablement
> Services. It generates the code at the end (---Begin Certificate----,
> etc.) which I copy to the clipboard.
> 2) I then go to http://myserver/certsrv and click "Request a
> certificate", then "advanced certificate request", then "Submit a
> certificate request by using a base-64..." I then paste the clipboard into
> the saved request area and click submit. I download it as base 64
> 3) Standalone certificate server (as far as I can tell).
>
> Thanks.
>
>
> "Martin Rublik" <> wrote in message
> news:%....
>>>> I'm going through a process on a non-windows server, but one that is
>>>> part of the domain, to get a certificate from our domain's certificate
>>>> server.
>>>>
>>>> It doesn't prompt you for the FQDN, OU, location, etc., instead it has
>>>> you enter the "LDAP entries required by your CA" in a field the
>>>> software calls "Distinguished Name".
>>>>
>>>> It gives an example of
>>>> cn=myaeserver.example.com,ou=myOrganizationalUnit, o=examplecorp,L=Spri
>>>> ngfield,ST=Illinois,C=US
>>>>
>>>> I've tried, a few times, changing that line to my information, going
>>>> through the request a certificate, import it, etc., but instead of it
>>>> showing up as being used to the FQDN, it shows up as being issued to
>>>> me (personally, my last name, first name shows up). I don't even
>>>> include that in the Distinguished Name field, so it must pull it from
>>>> my login.
>>>>
>>>> How can I request a certificate in this format so it will issue it to
>>>> my FQDN?
>>>>
>>>> Thanks in advance,
>>>> Glenn
>>>
>>>
>>
>> Hi,
>>
>> can you be more specific on how you are requesting a certificate. Please
>> include
>> at least these information.
>>
>> 1. How is the request generated (what application is used).
>> 2. How is the request submitted to CA.
>> 3. Do you use enterprise or standalone certificate server.
>> 4. If you use enterprise certificate server, what kind of certificate
>> template
>> are you enrolling.
>>
>> Regards
>>
>> Martin
>>
>> --
>> Replace nospam with google's mail for e-mail communication
>
>