Microsoft KB Archive/313234

= HOW TO: Change the Policy Settings for a Certification Authority (CA) in Windows 2000 =

Article ID: 313234

Article Last Modified on 10/30/2006

-

APPLIES TO


 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server

-



This article was previously published under Q313234



IN THIS TASK
SUMMARY
 * How to Publish Certificates to Active Directory
 * How to Specify CA Certificate Access Points



SUMMARY
You can configure Microsoft Certificate Server to support a number of different policy settings, including policy settings that allow you to perform the following tasks:
 * Publish certificates to Active Directory.
 * Publish certificates to the file system.
 * Specify CA certificate access points in issued certificates.

To publish certificates to Active Directory, the server on which the CA is installed must be a member of the Certificate Publishers group in an Active Directory domain. If you install Certificate Services on a server, the server is automatically made a member of the domain Certificate Publishers group, and you are able to publish certificates to Active Directory by default.

To request a certificate, you must include &quot;certfile: &quot; in your request to have the certificate published to the file system. After the request is granted, the certificate is copied to the  file that you include in your request.

CA certificate access points are either File Transfer Protocol (FTP) locations, Hypertext Transfer Protocol (HTTP) locations, Lightweight Directory Access Protocol (LDAP) locations, or file system locations that contain certificate information. Certificate access points include the certificate revocation list (CRL) distribution points (CDPs) and authority information access (AIA) points.

back to the top

How to Publish Certificates to Active Directory

 * 1) Log on as an administrator.
 * 2) Click Start, point to Programs, point to Administrative Tools, and then click Certification Authority.
 * 3) Right-click the CA and click Properties.
 * 4) Click the Exit Module tab, and then click Configure.
 * 5) Do one of the following steps, and then click OK:
 * 6) * If you do not want to publish certificates in Active Directory, click to clear the Allow certificates to be published in Active Directory check box.

-or-
 * 1) * If you want to publish certificates in Active Directory, click to select the Allow certificates to be published in Active Directory check box.
 * 2) Click OK.
 * 3) Right-click the CA in the left pane, point to All Tasks, and then click Stop Service.
 * 4) Right-click the CA in the left pane, point to All Tasks, and then click Start Service.

back to the top

How to Specify CA Certificate Access Points

 * 1) Log on as an administrator.
 * 2) Click Start, point to Programs, point to Administrative Tools, and then click Certification Authority.
 * 3) Right-click the CA and click Properties.
 * 4) Click the Policy Module tab, and then click Configure.
 * 5) Click the X.509 Extensions tab, and then either click Add CDP to add a new CDP or click Remove to remove a CDP.
 * 6) Either click Add AIA to add a new AIA point or click Remove to remove an existing AIA point.

NOTE: To make the file system location available for both CDPs and AIA points, click to select the check box to the left of the file location.
 * 1) Click OK, and then click OK.
 * 2) Right-click the CA in the left pane, point to All Tasks, and then click Stop Service.
 * 3) Right-click the CA in the left pane, point to All Tasks, and then click Start Service.

back to the top

Keywords: kbhowto kbhowtomaster KB313234

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.