My new project is kicking off, and my first task is to build my lab.
As the new project involves LCS 2005, I need to be able to issue PKI, so I installed my CA - but I did it as an Enterprise CA on a ws03 Std server.
Because LCS 2005 is such a bear on certs, my first round of testing on the CA involved getting some test certs with SAN entries that included exportable private keys. Just to make sure I can do it and have it be right the first time through.
This forced me to relearn certutil.exe and certreq.exe.
I also relearned certreq.inf files... very handy - I cannot believe I ever stopped using that method. Well, I know why: OCS 2007 has a cert wizard that works really well.
At any rate, it seems that there is no way to get an Enterprise CA running on ws03/08 standard edition server to give you private keys. The issue is converting/duplicating the existing webserver template, which makes the new template a v2 template - and using that new template requires enterprise server edition. arrrgh.
No amount of tweaking the inf file allowed me to get a private key with the cert - the private key simply is not included with the issued certificate.
My search for a solution will continue, as I need this to work. My short-term solution was to fall back to a Standalone CA, which allows the private keys very easily. arrgh. I wanted an Enterprise CA.