D
DJH
Hey,
We have an internal PKI utilising an offlint root and policy server, and an
AD integrated enterprise issuing server. We've distributed our root
certificate via a GPO to all workstations/servers in AD.
We have a number of certifcate templates for SSL certs. We permission these
with Role groups to define who can request and modify the certs.
We have one problematic box, when requesting a certificate via
servername\certsrv we get a permission denied error:
"An error occurred while creating the certificate request. Please verify
that your CSP supports any settings you have made and that your input is
valid.
Suggested cause:
You do not have write permission to save the file to the path
Error: 0x00000046 - Permission Denied"
The request is for a generic SSL certificate so that a secure channel can be
used to communicate between 2 boxes. The certificate request never reaches
the enterprise issuing server (no record of failed request). The error
message indicates a permission issue, but the way we permission the templates
is such that you wont see the cert via the web interface if your not a member
of the group which can request this certificate type. The user requesting the
certificate is a member of builtin\administrators of the box requesting the
certificate.
Anyone have any suggestions?
We have an internal PKI utilising an offlint root and policy server, and an
AD integrated enterprise issuing server. We've distributed our root
certificate via a GPO to all workstations/servers in AD.
We have a number of certifcate templates for SSL certs. We permission these
with Role groups to define who can request and modify the certs.
We have one problematic box, when requesting a certificate via
servername\certsrv we get a permission denied error:
"An error occurred while creating the certificate request. Please verify
that your CSP supports any settings you have made and that your input is
valid.
Suggested cause:
You do not have write permission to save the file to the path
Error: 0x00000046 - Permission Denied"
The request is for a generic SSL certificate so that a secure channel can be
used to communicate between 2 boxes. The certificate request never reaches
the enterprise issuing server (no record of failed request). The error
message indicates a permission issue, but the way we permission the templates
is such that you wont see the cert via the web interface if your not a member
of the group which can request this certificate type. The user requesting the
certificate is a member of builtin\administrators of the box requesting the
certificate.
Anyone have any suggestions?