Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

SSL Issues

Status
Not open for further replies.
199002003

199002003

MIS
May 3, 2006
129
US
Hi, I have win2k domain with Win2003 server as the CA Cert server, I was able to create the cert.txt but wasn't able to request the cert through the brower(IE7); I got the error say:

Your certificate request was denied.

Your Request Id is 11. The disposition message is "Denied by Policy Module 0x80094800, The request was for a certificate template that is not supported by the Certificate Services policy: WebServer. ".

I look up the MSFT KB and removed the timestamp but still no success.

TIA
 
Sort by date Sort by votes
Unfortunately your configuration is problematic. Running a CA on a 2003 server in a 2000-level domain sometimes has issues due to schema limitations. I'm pretty sure if you installed the Enterprise CA on a 2000 server, you wouldn't have this problem.

One option is to extend the schema of your current domain so that it is compatible with the 2003 servers ideas, but that's a fairly significant change to make if you aren't ready for it. You can read up on that here:


Another thing to check is whether your templates are actually loaded. Try right-clicking on the Certificate Templates node in the Certification Authority MSC and choose Manage. This will open a list of the templates installed on the box, and you will be able to tell whether there are templates that need to be imported. Importing any waiting templates may allow you to enable the request and reissue the cert in a way that it will accept.

ShackDaddy
Shackelford Consulting
 
Upvote 0 Downvote
thanks, I will pass the schema extension since it requires so much more configuration; I look at the templates and they loaded and when I right click and choose "manage" I see list of templates,web server is there( autoenrollment is disabled)

will I encounter any issues if I do the following?

install the CA on win 2000 server then implement the SSL on Exchange 2003 Server in win2k domain.
 
Upvote 0 Downvote
No, I believe that configuration should work.

As a last ditch, before you do that, I would try enabling auto-enrollment and requesting the cert again.

Good luck, and let us know if you run into any more problems.

ShackDaddy
Shackelford Consulting
 
Upvote 0 Downvote
I tried the win2003 CA again and still no luck; I went ahead install the CA on win2k server and was able to get the cert. Do you recommend to use the self cert for the OWA server? I have Exchange 2003 server with about 80 mailbox on it plus the OWA was on it as well.

many thanks,
 
Upvote 0 Downvote
I would do the self cert if you don't want to buy a 3rd party cert. I've managed a dozen SBS installs that all use a self-signed cert for OWA without trouble.

But certs are getting cheaper and cheaper. You can get one for your mailserver at GoDaddy for $20 now.

ShackDaddy
Shackelford Consulting
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

pinytech
  • Locked
  • Question
What is the function of the SSL Cert in Exch 2010
Replies
1
Views
112
DrB0b
DrB0b
jewart17
  • Locked
  • Question
IMAP issues in Outlook 2007
Replies
0
Views
63
jewart17
jewart17
kzn
  • Locked
  • Question
MultiTenancy and SSL and Outlook 2013
Replies
1
Views
73
ShackDaddy
ShackDaddy
MasterRacker
  • Locked
  • Question
SSL and adding a second domain
Replies
2
Views
61
sircles
sircles
intel233
  • Locked
  • Question
MSExchangeRPC issues
Replies
10
Views
165
intel233
intel233

Part and Inventory Search

Sponsor

Back
Top