Microsoft KB Archive/246572

= How to publish certificates to the Active Directory from a standalone certification authority =

Article ID: 246572

Article Last Modified on 10/30/2006


APPLIES TO


 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Datacenter Server




This article was previously published under Q246572







SUMMARY
A Web server that hosts the certification authority certificate enrollment Web pages must be configured for domain authentication, and the certificate request must include an attribute specifying the user certificate template. This article describes how to publish certificates to the Active Directory from a standalone certification authority.


Server Configuration
After installing a standalone certification authority with Directory Services write access, you must perform the following steps to be able to publish certificates to the Directory Service:

 1. On the certification authority, run the following command:

    certutil -setreg exit\PublishCertFlags EXITPUB_ACTIVEDIRECTORY

 2. On the certification authority, use the Internet Services Manager MMC snap-in to configure the CertSrv Virtual Directory to require domain authentication.
    a. Right-click the CertSrv virtual directory, click Properties, and then click the Directory Security tab.
    b. On the Anonymous access and authentication control, click Edit.
    c. Click to clear the Anonymous access check box.
    d. Click to select the Basic Authentication and Integrated Windows authentication check boxes.
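One way to apply and check the registry change from step 1 in a command prompt on the certification authority (an added example, not part of the original article). The read-back with certutil -getreg and the restart of the certsvc service are assumptions added here; the article itself gives only the -setreg command.

```bat
@echo off
rem Added example; not from the original KB article.
rem Run in a command prompt on the standalone CA as a CA administrator.

rem Show the current exit-module publish flags so the old value is on record.
echo --- PublishCertFlags before change ---
certutil -getreg exit\PublishCertFlags

rem Apply the setting given in the article.
certutil -setreg exit\PublishCertFlags EXITPUB_ACTIVEDIRECTORY
if errorlevel 1 (
    echo ERROR: could not set exit\PublishCertFlags
    exit /b 1
)

rem Assumption: Certificate Services reads this value at start-up,
rem so the service is restarted for the change to take effect.
net stop certsvc
net start certsvc
if errorlevel 1 (
    echo ERROR: Certificate Services did not restart
    exit /b 1
)

rem Read the value back and confirm that it reflects
rem EXITPUB_ACTIVEDIRECTORY before moving on to the IIS step.
echo --- PublishCertFlags after change ---
certutil -getreg exit\PublishCertFlags
```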


Certificate Enrollment
Whenever a user wants to enroll for a certificate that should be published to Active Directory, the user must use the certification authority Advanced Certificate Requests feature to submit a request to the certification authority using a form. The user must also type CertificateTemplate:User in the Attributes control on the page under Additional Options prior to submitting the request.


Keywords: kbhowto kbhowtomaster KB246572


© Microsoft Corporation. All rights reserved.