Can not renew root ca

H

Harrison Midkiff

Hello:

I have a Windows 2003 SP1 server running as a Stand Alone Root CA. Its
certificate is about to expire. Whether I choose "Renew Certificate with
New Key..." or "Renetw Certificate with Same Key..." I always get the same
error.

"You do not have permission to request a certificate based on the selected
certificate template"

My account is a member of the Enterprise Admins. I've Googled this, but
haven't found anything. Does anyone have any idea?

Harrison Midkiff
 
S

Saurav Sinha [MSFT]

How are you reneweing the CA certificate? Please try using the CA snapin
certsrv.msc, right click on the CA node and under "All Tasks" action item
you will see the option to renew.
Thanks
 
H

Harrison Midkiff

Saurav:

That got it! I was able to renew the cert. One more simple questions if I
could. I remember there was a way to deploy this certificate to
workstations so users don't have to download it. Do you recall how to do
that?

Harrison Midkiff



"Saurav Sinha [MSFT]" <sauravs@online.microsoft.com> wrote in message
news:O3CRMoocIHA.6024@TK2MSFTNGP06.phx.gbl...
> How are you reneweing the CA certificate? Please try using the CA snapin
> certsrv.msc, right click on the CA node and under "All Tasks" action item
> you will see the option to renew.
> Thanks
 
B

Brian Komar

The easiest is to have a member of enterprise admins run:
certutil -dspublish -f <rootca_certname.crt> RootCA
The certificate is then pushed to all domain and forest members as a trusted
root CA
Brian

"Harrison Midkiff" <HMidkiff@aviinc.com> wrote in message
news:O4PmNsvcIHA.4140@TK2MSFTNGP04.phx.gbl...
> Saurav:
>
> That got it! I was able to renew the cert. One more simple questions if
> I could. I remember there was a way to deploy this certificate to
> workstations so users don't have to download it. Do you recall how to do
> that?
>
> Harrison Midkiff
>
>
>
> "Saurav Sinha [MSFT]" <sauravs@online.microsoft.com> wrote in message
> news:O3CRMoocIHA.6024@TK2MSFTNGP06.phx.gbl...
>> How are you reneweing the CA certificate? Please try using the CA snapin
>> certsrv.msc, right click on the CA node and under "All Tasks" action item
>> you will see the option to renew.
>> Thanks
>
>
 
H

Harrison Midkiff

Thanks I got the certificate out.


"Brian Komar" <brian.komar@nospam.identit.ca> wrote in message
news:B1C24C68-BAA6-4FDF-A2BB-9BB61E487D64@microsoft.com...
> The easiest is to have a member of enterprise admins run:
> certutil -dspublish -f <rootca_certname.crt> RootCA
> The certificate is then pushed to all domain and forest members as a
> trusted root CA
> Brian
>
> "Harrison Midkiff" <HMidkiff@aviinc.com> wrote in message
> news:O4PmNsvcIHA.4140@TK2MSFTNGP04.phx.gbl...
>> Saurav:
>>
>> That got it! I was able to renew the cert. One more simple questions if
>> I could. I remember there was a way to deploy this certificate to
>> workstations so users don't have to download it. Do you recall how to do
>> that?
>>
>> Harrison Midkiff
>>
>>
>>
>> "Saurav Sinha [MSFT]" <sauravs@online.microsoft.com> wrote in message
>> news:O3CRMoocIHA.6024@TK2MSFTNGP06.phx.gbl...
>>> How are you reneweing the CA certificate? Please try using the CA snapin
>>> certsrv.msc, right click on the CA node and under "All Tasks" action
>>> item you will see the option to renew.
>>> Thanks
>>
>>
>
 
You must log in or register to reply here.

Similar threads

I
Renew CA Certificate with different signing algorithm...
Replies
0
Views
41
imprise
I
S
When issuing Enterprise Root-CA, it shows "Active Directory Certificate Services could not connect to Global Catalog Server"
Replies
0
Views
38
Samuel_TRX
S
A
CA: Using Custom Templates
Replies
0
Views
51
avilt
A
G
Question about PKI and Subordinate Authority Certificate
Replies
0
Views
57
Gustavo Garcia5
G
W
Can I sign a CSR with my CA without any templates? Windows server 2019
Replies
0
Views
56
whye keat foo
W
Back
Top Bottom