Forum Search:
Forum.Brain-Cluster.com: Brain Cluster Technical Forum
Ultimate forum for Technical Discussions

Home » Microsoft » Windows Server » Active Directory » 03 server cerificate
03 server cerificate [message #155548] Mon, 01 June 2009 22:48 Go to next message
Gerardo  is currently offline Gerardo  Costa Rica
Messages: 10
Registered: June 2009
Junior Member
Hi...

I've a problem... Im running 2003 server std edition, server is set to
give user certificates, which will be used for email encryption, when
this certificates are handled they are good for 1 year only... I need
to make them good for more time, I tried modifying the User
Certificate Template but its greyed out, what can I do to make it last
longer than 1 year?!

regards
Jerry
Re: 03 server cerificate [message #155558 is a reply to message #155548] Tue, 02 June 2009 04:43 Go to previous messageGo to next message
meiweb(nospam)  is currently offline meiweb(nospam)  Germany
Messages: 1307
Registered: July 2009
Senior Member
Hello Gerardo,

I will crosspost this to:
microsoft.public.windows.server.security

Better place to ask for CA.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Hi...
>
> I've a problem... Im running 2003 server std edition, server is set to
> give user certificates, which will be used for email encryption, when
> this certificates are handled they are good for 1 year only... I need
> to make them good for more time, I tried modifying the User
> Certificate Template but its greyed out, what can I do to make it last
> longer than 1 year?!
>
> regards
> Jerry
Re: 03 server cerificate [message #155570 is a reply to message #155558] Tue, 02 June 2009 07:59 Go to previous messageGo to next message
J Wolfgang Goerlich  is currently offline J Wolfgang Goerlich  United States
Messages: 13
Registered: August 2009
Junior Member
Hello Jerry,

You need to create a new template based on the User template.

Open the Certification Authority console. Expand to Certificate
Templates, right-click, manage. In the Certificate Templates console,
right-click the User template and select Duplicate. Enter the new name
(e.g., Company User) for display name, and then increase the validity
period to your choosing.

Back in the Certification Authority console, right-click Certificate
Templates, New > Certificate Template to Issue. Select the Company
User template (or name that you specified earlier) and click Ok. Now
the CA can issue the new type of certificates.

From your description, I am not sure how you are giving the user
certificates. I am guessing you are using GPOs. You will need to
revisit that process and set it to use the new template.

Hope that helps,

--
J. Wolfgang Goerlich
http://www.jwgoerlich.us
http://www.linkedin.com/in/jwgoerlich

On Jun 2, 4:43 am, Meinolf Weber [MVP-DS] <meiweb(nospam)@gmx.de>
wrote:
> I've a problem... Im running 2003 server std edition, server is set to
> give user certificates, which will be used for email encryption, when
> this certificates are handled they are good for 1 year only... I need
> to make them good for more time, I tried modifying the User
> Certificate Template but its greyed out, what can I do to make it last
> longer than 1 year?!
Re: 03 server cerificate [message #155595 is a reply to message #155570] Tue, 02 June 2009 10:42 Go to previous messageGo to next message
Gerardo  is currently offline Gerardo  Costa Rica
Messages: 10
Registered: June 2009
Junior Member
I tried that, I duplicate the user template..., but when I go into
Certificate Template to Issue, it does not show the template I made in
the previous process in the list.

Jerry.




On Jun 2, 5:59 am, J Wolfgang Goerlich <jwgoerl...@gmail.com> wrote:
> Hello Jerry,
>
> You need to create a new template based on the User template.
>
> Open the Certification Authority console. Expand to Certificate
> Templates, right-click, manage. In the Certificate Templates console,
> right-click the User template and select Duplicate. Enter the new name
> (e.g., Company User) for display name, and then increase the validity
> period to your choosing.
>
> Back in the Certification Authority console, right-click Certificate
> Templates, New > Certificate Template to Issue. Select the Company
> User template (or name that you specified earlier) and click Ok. Now
> the CA can issue the new type of certificates.
>
> From your description, I am not sure how you are giving the user
> certificates. I am guessing you are using GPOs. You will need to
> revisit that process and set it to use the new template.
>
> Hope that helps,
>
> --
> J. Wolfgang Goerlichhttp://www.jwgoerlich.ushttp://www.linkedin.com/in/j wgoerlich
>
> On Jun 2, 4:43 am, Meinolf Weber [MVP-DS] <meiweb(nospam)@gmx.de>
> wrote:
>
>
>
> > I've a problem... Im running 2003 server std edition, server is set to
> > give user certificates, which will be used for email encryption, when
> > this certificates are handled they are good for 1 year only... I need
> > to make them good for more time, I tried modifying the User
> > Certificate Template but its greyed out, what can I do to make it last
> > longer than 1 year?!- Hide quoted text -
>
> - Show quoted text -
Re: 03 server cerificate [message #155613 is a reply to message #155595] Tue, 02 June 2009 12:57 Go to previous messageGo to next message
J Wolfgang Goerlich  is currently offline J Wolfgang Goerlich  United States
Messages: 13
Registered: August 2009
Junior Member
After duplicating it, did you add it to the CA? Certification
Authority console, right-click Certificate Templates, New >
Certificate Template to Issue.

--
J. Wolfgang Goerlich
http://www.jwgoerlich.us
http://www.linkedin.com/in/jwgoerlich

On Jun 2, 10:42 am, Gerardo <gerardo.a...@gmail.com> wrote:
> I tried that, I duplicate the user template..., but when I go into
> Certificate Template to Issue, it does not show the template I made in
> the previous process in the list.
>
> Jerry.
>
Re: 03 server cerificate [message #155615 is a reply to message #155613] Tue, 02 June 2009 13:16 Go to previous messageGo to next message
Gerardo  is currently offline Gerardo  Costa Rica
Messages: 10
Registered: June 2009
Junior Member
I tried that, but none of the options match the user template I
created before...

On Jun 2, 10:57 am, J Wolfgang Goerlich <jwgoerl...@gmail.com> wrote:
> After duplicating it, did you add it to the CA? Certification
> Authority console, right-click Certificate Templates, New >
> Certificate Template to Issue.
>
> --
> J. Wolfgang Goerlichhttp://www.jwgoerlich.ushttp://www.linkedin.com/in/j wgoerlich
>
> On Jun 2, 10:42 am, Gerardo <gerardo.a...@gmail.com> wrote:
>
>
>
> > I tried that, I duplicate the user template..., but when I go into
> > Certificate Template to Issue, it does not show the template I made in
> > the previous process in the list.
>
> > Jerry.- Hide quoted text -
>
> - Show quoted text -
Re: 03 server cerificate [message #155628 is a reply to message #155615] Tue, 02 June 2009 16:41 Go to previous messageGo to next message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"Gerardo" <gerardo.arce@gmail.com> wrote in message
news:442714fa-8ef7-46ff-9e2a-7cca988b9f08@z5g2000vba.googlegroups.com...
>
> I tried that, but none of the options match the user template I
> created before...

What version of Windows Server is the CA installed on that you tried
creating the template?

FYI, the CA must be Windows Server Enterprise Edition to be able to create
and use a V2 certificate template. Standard or SBS does not support this
version, hence probably why you are not seeing it available.


--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSA Messaging, MCT
Microsoft Certified Trainer
aceman@mvps.RemoveThisPart.org

For urgent issues, you may want to contact Microsoft PSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

"Efficiency is doing things right; effectiveness is doing the right
things." - Peter F. Drucker
http://twitter.com/acefekay
Re: 03 server cerificate [message #155688 is a reply to message #155628] Wed, 03 June 2009 14:21 Go to previous messageGo to next message
Gerardo  is currently offline Gerardo  Costa Rica
Messages: 10
Registered: June 2009
Junior Member
Im indeed using Windows 2003 Server Standard Edition... I guess thats
my problem

Another question... if the certificate expires after 1 year, and a new
one is requested does it mean that all the emails encrypted with the
first one will be unreadable?!

On Jun 2, 2:41 pm, "Ace Fekay [Microsoft Certified Trainer]"
<ace...@mvps.RemoveThisPart.org> wrote:
> "Gerardo" <gerardo.a...@gmail.com> wrote in message
>
> news:442714fa-8ef7-46ff-9e2a-7cca988b9f08@z5g2000vba.googlegroups.com...
>
>
>
> > I tried that, but none of the options match the user template I
> > created before...
>
> What version of Windows Server is the CA installed on that you tried
> creating the template?
>
> FYI, the CA must be Windows Server Enterprise Edition to be able to create
> and use a V2 certificate template. Standard or SBS does not support this
> version, hence probably why you are not seeing it available.
>
> --
> Ace
>
> This posting is provided "AS-IS" with no warranties or guarantees and
> confers no rights.
>
> Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSA Messaging, MCT
> Microsoft Certified Trainer
> ace...@mvps.RemoveThisPart.org
>
> For urgent issues, you may want to contact Microsoft PSS directly. Please
> checkhttp://support.microsoft.comfor regional support phone numbers.
>
> "Efficiency is doing things right; effectiveness is doing the right
> things." - Peter F. Druckerhttp://twitter.com/acefekay
Re: 03 server cerificate [message #155697 is a reply to message #155688] Wed, 03 June 2009 19:21 Go to previous messageGo to next message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"Gerardo" <gerardo.arce@gmail.com> wrote in message
news:675f9dab-3e7b-463a-8b42-238220b0b0ba@y9g2000yqg.googlegroups.com...
Im indeed using Windows 2003 Server Standard Edition... I guess thats
my problem

Another question... if the certificate expires after 1 year, and a new
one is requested does it mean that all the emails encrypted with the
first one will be unreadable?!


I believe so. The certificate must be available, as well as the CA so it can
check the CRL (cert revocation list) or the cert won't work.

Yep, you need Enterprise. May as well pull out all the certs until you can
get Ent Edition running.

Ace
Re: 03 server cerificate [message #155859 is a reply to message #155697] Fri, 05 June 2009 14:17 Go to previous messageGo to next message
Gerardo  is currently offline Gerardo  Costa Rica
Messages: 10
Registered: June 2009
Junior Member
I used to request the certificates via a webpage http://x.x.x.x/certsrv
and it will show me an option that says: User Certificate and that was
it.

Now I'm testing on a 2003 enterprise box, and its showing a whole
bunch of options before requesting for the certificate, is it a way to
make it easier for the end users? like it used to be with the user
template?

Regards,
Jerry

On Jun 3, 5:21 pm, "Ace Fekay [Microsoft Certified Trainer]"
<ace...@mvps.RemoveThisPart.org> wrote:
> "Gerardo" <gerardo.a...@gmail.com> wrote in message
>
> news:675f9dab-3e7b-463a-8b42-238220b0b0ba@y9g2000yqg.googlegroups.com...
> Im indeed using Windows 2003 Server Standard Edition... I guess thats
> my problem
>
> Another question... if the certificate expires after 1 year, and a new
> one is requested does it mean that all the emails encrypted with the
> first one will be unreadable?!
>
> I believe so. The certificate must be available, as well as the CA so it can
> check the CRL (cert revocation list) or the cert won't work.
>
> Yep, you need Enterprise. May as well pull out all the certs until you can
> get Ent Edition running.
>
> Ace
Re: 03 server cerificate [message #155868 is a reply to message #155859] Fri, 05 June 2009 21:41 Go to previous message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"Gerardo" <gerardo.arce@gmail.com> wrote in message
news:16b1e31e-1221-40b9-a8e3-17b5780604ba@e20g2000vbc.googlegroups.com...
I used to request the certificates via a webpage http://x.x.x.x/certsrv
and it will show me an option that says: User Certificate and that was
it.

Now I'm testing on a 2003 enterprise box, and its showing a whole
bunch of options before requesting for the certificate, is it a way to
make it easier for the end users? like it used to be with the user
template?

Regards,
Jerry

========================

Jerry,

It's not that fact that Enterprise makes it easier, rather the fact that it
has the options that you need to construct your PKI infrastructure, such as
the v2 certificate template you need in order to create the certificates for
your user base. I hope that makes sense?

Ace
Previous Topic:how to populate custom attributes
Next Topic:1 of 2 domain controllers down and users cannot login to the domai
Goto Forum:
  


Current Time: Sun Sep 24 15:30:43 EDT 2017

Total time taken to generate the page: 0.64777 seconds
.:: Contact :: Home ::Sitemap::.

Powered by: FUDforum 3.0.0RC2.
Copyright ©2001-2009 FUDforum Bulletin Board Software