Article ID: 924033
Article Last Modified on 10/30/2006
APPLIES TO
- Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
- Microsoft Windows Server 2003, Enterprise x64 Edition
SYMPTOMS
Consider the following scenario in Microsoft Windows Server 2003:
- You duplicate a certificate template in the Windows Server 2003 enterprise certification authority (CA).
- You do not select the Allow private key to be exported check box.
Note When this option is not selected, private keys cannot be exported in the network.
- The new template is added to the list of available templates.
- During a Web enrollment, another user requests a certificate and selects the new template.
In this scenario, the user can select the Mark keys as exportable check box. When this check box is selected, private keys can be exported. The availability of this check box is not expected.
WORKAROUND
To work around this problem, the user who requests a new certificate must first select a different template and then select the duplicated template. When the user does this, the Mark keys as exportable check box is unavailable. Therefore, private keys cannot be exported.
STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
Keywords: kbsecurity kbtshoot kbprb KB924033