About Me

This is a blog for John Weber. One of my joys in life is helping others get ahead in life. Content here will be focused on that from this date forward. John was a Skype for Business MVP (2015-2018) - before that, a Lync Server MVP (2010-2014). I used to write a variety of articles (https://tsoorad.blogspot.com) on technical issues with a smattering of other interests. I have a variety of certifications dating back to Novell CNE and working up through the Microsoft MCP stack to MCITP multiple times. FWIW, I am on my third career - ex-USMC, retired US Army. I have a fancy MBA. The opinions expressed on this blog are mine and mine alone.

2009/01/22

CA woes

My new project is kicking off, and my first task is to build my lab.

As the new project involves LCS 2005, I need to be able to issue PKI, so I installed my CA  - but I did it as an Enterprise CA on a ws03 Std server.

Because LCS 2005 is such a bear on certs, my first round of testing on the CA involved getting some test certs with SAN entries that included exportable private keys.  Just to make sure I can do it and have it be right the first time through.

This forced me to relearn certutil.exe and certreq.exe.

I also relearned certreq.inf files... very handy - I cannot believe I ever stopped using that method. Well, I know why: OCS 2007 has a cert wizard that works really well.

At any rate it seems that there is no way to get an Enterprise CA running on ws03/08 standard edition server to give you private keys.  The issue is converting/duplicating the existing webserver template which makes the new template a v2 template - and to use that new template requires enterprise server edition.  arrrgh.

No amount of tweaking the inf file allowed me to get a private key with the cert - the private key simply is not included with the issued certificate.

My search for a solution will continue, as I need this to work.  My short term solution was to fall back to a Standalone CA, which allows the private keys very easily.  arrgh.  I wanted an Enterprise CA.
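A request file of the kind described above, written for the Standalone CA fallback. This is an added example, not the author's file; the host names, file names and CA config string are constructed placeholders.

```ini
; request.inf (constructed sample)
; The key pair is generated on the requesting machine by "certreq -new".
; The .cer that comes back from the CA never carries the private key;
; "certreq -accept" binds the issued certificate to the local key.
;
;   certreq -new request.inf request.req
;   certreq -submit -config "CAHOST\Lab-CA" request.req cert.cer
;   (a standalone CA normally leaves the request pending until an
;    administrator issues it; then: certreq -retrieve <RequestId> cert.cer)
;   certreq -accept cert.cer

[Version]
Signature = "$Windows NT$"

[NewRequest]
Subject = "CN=lcs01.example.test"   ; placeholder FQDN
Exportable = TRUE                   ; mark the locally generated key exportable
KeyLength = 2048
KeySpec = 1                         ; AT_KEYEXCHANGE
KeyUsage = 0xA0                     ; Digital Signature, Key Encipherment
MachineKeySet = TRUE                ; key lives in the computer store
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = CMC

; A standalone CA has no templates, so the EKU is stated in the request.
[EnhancedKeyUsageExtension]
OID = 1.3.6.1.5.5.7.3.1             ; Server Authentication

[RequestAttributes]
; The CA copies this attribute into the certificate only when
; EDITF_ATTRIBUTESUBJECTALTNAME2 is set in its policy module. That flag
; lets any requester name arbitrary SANs, so keep it to a lab CA.
SAN = "dns=lcs01.example.test&dns=sip.example.test"
```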
