About Me

My photo
This is a blog for John Weber. One of my joys in life is helping others get ahead in life. Content here will be focused on that from this date forward. John was a Skype for Business MVP (2015-2018) - before that, a Lync Server MVP (2010-2014). I used to write a variety of articles (https://tsoorad.blogspot.com) on technical issues with a smattering of other interests. I have a variety of certifications dating back to Novell CNE and working up through the Microsoft MCP stack to MCITP multiple times. FWIW, I am on my third career - ex-USMC, retired US Army. I have a fancy MBA. The opinions expressed on this blog are mine and mine alone.


CA woes

My new project is kicking off, and my first task is to build my lab.

As the new project involves LCS 2005, I need to be able to issue PKI, so I installed my CA  - but I did it as an Enterprise CA on a ws03 Std server.

Because LCS 2005 is such a bear on certs, my first round of testing on the CA involved getting some test certs with SAN entries that included exportable private keys.  Just to make sure I can do it and have it be right the first time through.

This forced me to relearn certutil.exe and certreq.exe.

I also relearned certreq.inf files....very handy - I cannot believe I ever stopped using that method.  Well, I know why: OCS 2007 has a cert wizard that works really well.

At any rate it seems that there is no way to get an Enterprise CA running on ws03/08 standard edition server to give you private keys.  The issue is converting/duplicating the existing webserver template which makes the new template a v2 template - and to use that new template requires enterprise server edition.  arrrgh.

No amount of tweaking the inf file allowed me to get a private key with the cert - the private key simply is not included with the issued certificate.

My search for a solution will continue, as I need this to work.  My short term solution was to fall back to a Standalone CA, which allows the private keys very easily.  arrgh.  I wanted an Enterprise CA.

No comments:

test 02 Feb

this is a test it’s only a test this should be a picture