
I've got a problem with renewing a server certificate:

When I go to IIS Manager => Server Certificates and try to renew the right certificate, I can't find the proper CA on the list - there's only the Win 2012 machine, and the Win 2008 one should be there too.
Just take a look at the screenshot

On the other hand, after typing `certutil -config - -ping` on the Win 2008 machine, I get back both CAs - and both of them are alive. And when I run the same command (`certutil -config - -ping`) on any other machine in the LAN, only Win 2012 is shown.

Can anybody help me to solve that, please?

  • It looks like your Win2008 machine is a Standalone CA. – Crypt32 Dec 09 '15 at 14:36
  • The problem is, I can't renew the certificate which is used to authenticate users logging in to the system with smart cards (now I have to log them in by login/password). Until yesterday everything worked fine, but after that certificate expired, I can't renew it to use it again. – 3008003 Dec 09 '15 at 18:30
  • I'll check it tomorrow, when I get back to work, but I think it's an Enterprise CA and something was just messed up. – 3008003 Dec 09 '15 at 18:39
  • @CryptoGuy - Yeah, I just typed `certutil -getreg ca\catype` - the result is `ENUM_ENTERPRISE_ROOTCA`... – 3008003 Dec 10 '15 at 06:27
  • It appears that your Windows Server 2008 CA has lost its registration in Active Directory. In ADSIEdit, check the following container: `CN=Enrollment Services, CN=Public Key Services, CN=Services {Configuration naming context}`. Does it have an entry for your CA? – Crypt32 Dec 10 '15 at 14:48
  • @CryptoGuy - Hmm, there's something weird I think, because I've found an entry for my CA there, but in the `dNSHostName` there is an entry for the Win2012 server. Shouldn't it be 2k8 instead? Can I just safely change it by pressing the Edit button? – 3008003 Dec 11 '15 at 07:32
  • Yes, there should be the win2k8 server DNS name. – Crypt32 Dec 11 '15 at 08:26
  • I changed the DNS hostname, and now I can select the proper CA from the Server Certificates list, but after I click on Finish it gives me the following message: "The certificate request was submitted to the online authority but was not issued. The request was denied" – 3008003 Dec 11 '15 at 09:38
  • Start new thread for this question. – Crypt32 Dec 11 '15 at 09:40
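
The check discussed in the comments above, as an added example that is not part of the original thread: it lists every CA registered under the Enrollment Services container together with its `dNSHostName`, then pings each CA at the host recorded in AD. It assumes the ActiveDirectory PowerShell module (RSAT) on a domain-joined machine; the output property names and the duplicate-host heuristic are illustrative choices.

```powershell
# Added example: audit the CA registrations that domain clients discover through AD.
# Assumes the ActiveDirectory module is installed and the caller can read the
# Configuration naming context.
Import-Module ActiveDirectory

$configNC   = (Get-ADRootDSE).configurationNamingContext
$searchBase = "CN=Enrollment Services,CN=Public Key Services,CN=Services,$configNC"

$results = Get-ADObject -SearchBase $searchBase -SearchScope OneLevel `
                        -Filter 'objectClass -eq "pKIEnrollmentService"' `
                        -Properties dNSHostName |
    ForEach-Object {
        # Clients build the CA config string from these two values.
        $config = '{0}\{1}' -f $_.dNSHostName, $_.Name

        # Ping the CA at the host AD points to; a wrong dNSHostName makes this fail
        # even though the CA service itself is running elsewhere.
        $null = & certutil.exe -config $config -ping 2>&1

        [pscustomobject]@{
            CAName      = $_.Name
            dNSHostName = $_.dNSHostName
            Config      = $config
            PingOk      = ($LASTEXITCODE -eq 0)
        }
    }

$results | Format-Table -AutoSize

# Heuristic (assumption): a Windows server hosts a single CA instance, so two
# registrations sharing one dNSHostName suggest a mis-registered entry.
$results | Group-Object dNSHostName | Where-Object Count -gt 1 |
    ForEach-Object {
        Write-Warning ("Host {0} is registered for several CAs: {1}" -f `
            $_.Name, (($_.Group.CAName) -join ', '))
    }
```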
