Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Edit the IPSec (offline request) Certificate Template for MSCEP?

Status
Not open for further replies.

ADB100

Technical User
Mar 25, 2003
2,399
GB
I posted this ages ago - Edit the IPSec (offline request) Certificate Template for MSCEP?


The thread has been closed but I managed to get this working and have replaced the IPSECIntermediateOffline Version 1 certificate template with a Version 2 one. Its simple once you know how... But it probably isn't supported by MS.

Code:
How to replace the 'IPSec (Offline request)' (IPSECIntermediateOffline) Certificate on Windows 2003 Enterprise CA Server.

1. Ensure Certificate Services is installed and running
2. Ensure MSCEP is installed and running
3. Install the support tools so you have ADSIEdit available
4. From the Certificate Template MMC create a duplicate of the 'IPSec (Offline request)' certificate - give it any name
5. Open ADSIEdit and navigate to
	Configuration, 'CN=Configuration,DC=xxxx,DC=xxxx,DC=xxx'
	  CN=Services
	    CN=Public Key Services
	      CN=Certificate Templates

		Right-click 'CN=IPSECIntermediateOffline' and select 'delete'

6. Go back to the Certificate Template MMC and refresh the display - the IPSec (Offline request) should have gone
7. Right-click the copy of the 'IPSec (Offline request)' certificate you created at step 4 and select 'Duplicate Template'
8. Change the Template Display name to 'IPSec (Offline request)' and change the Template name to 'IPSECIntermediateOffline'
9. The certificate is now a version 2 template and can be edited

Andy
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top