Registrations are now open. Join us today!
There is still a lot of work to do on the wiki yet! More information about editing can be found here.
Already have an account?

Microsoft KB Archive/246572

From BetaArchive Wiki
Knowledge Base


Article ID: 246572

Article Last Modified on 10/30/2006



APPLIES TO

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Datacenter Server



This article was previously published under Q246572


SUMMARY

A Web server that hosts the certification authority certificate enrollment Web pages must be configured for domain authentication, and the certificate request must include an attribute specifying the user certificate template. This article describes how to publish certificates to the Active Directory from a standalone certification authority.

back to the top

Server Configuration

After installing a standalone certification authority with Directory Services write access, you must perform the following steps to be able to publish certificates to the Directory Service:

  1. On the certification authority, run the following command:

    certutil -setreg exit\PublishCertFlags EXITPUB_ACTIVEDIRECTORY

  2. On the certification authority, use the Internet Services Manager MMC snap-in to configure the CertSrv Virtual Directory to require domain authentication.
    1. Right-click the CertSrv virtual directory, click Properties, and then click the Directory Security tab.
    2. On the Anonymous access and authentication control, click Edit.
    3. Click to clear the Anonymous access check box.
    4. Click to select the Basic Authentication and Integrated Windows authentication check box.


back to the top

Certificate Enrollment

Whenever a user wants to enroll for a certificate that should be published to Active Directory, the user must use the certification authority Advanced Certificate Requests feature to submit a request to the certification authority using a form. The user must also type CertificateTemplate:User in the Attributes control on the page under Additional Options prior to submitting the request.

back to the top

Keywords: kbhowto kbhowtomaster KB246572