Issue a pending certificate request CA 2003

Discussion in 'Server Security' started by Samuel Leuthold, Sep 17, 2004.

  1. After requesting a certificate the request goes to the pending requests que
    like i configured it in the policy module.
    Then i can issue or deny it.
    My problem is that when i issue the certificate the client isn't getting
    notice of that and the certificate is still under Certificate Enrollment
    Requests in the Certificates Snap/In.
    I request the certificate over the Certificates Snap/in.

    Can someone tell me where and how the client could check if the request is

    I tried to watch the pending requests over de web but i can't see some
    pending requests despite of there are some in the que.

    Thanks for help!
    Samuel Leuthold, Sep 17, 2004
    1. Advertisements

  2. David Cross [MS], Sep 17, 2004
    1. Advertisements

  3. Thank you very much
    It worked fine this way!

    Samuel Leuthold, Sep 17, 2004
  4. Samuel Leuthold

    Brian Komar Guest>, =?Utf-8?B?U2FtdWVsIExldXRob2xk?=
    Unless you have enabled the certificate template to
    enable autoenrollment, the user is not notified of
    issuance in the Certificates MMC console.

    It is recommended to request pended certificates via the
    Web enrollment Web pages, as they implement a cookie so
    that the client can track the status of the pending
    certificate request.

    You still can complete the request at the client
    computer, if you look up the request ID at the CA.
    Once the request ID is known, the user must type the
    following commands (assuming you are running Windows XP
    at the client)

    certreq -retrieve <requestID> <certfile.cer>

    This retrieve the issued certificate for requestID into
    the file certfile.cer

    Then the user must type:
    certreq -accept <certfile.cer>

    This place the certificate into the current user's store
    and associates the certificate with the key pair
    generated when the request was submitted to the CA.

    Brian Komar, Sep 20, 2004
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.