KaPes
Hi,
I have a Standalone Root CA running on Windows 2003 SP2.
I want to enable SSL, TLS for RDP connections to domain controllers; for
that I am following the KB article: http://support.microsoft.com/?id=895433
I am able to request a "server authentication" certificate using web
enrollment, but I wanted to automate this process using certreq.exe and INF
file.
My version of the INF is not working: I am able to generate the certificate,
but it is not showing up as an available certificate for RDP SSL in TS
configuration properties.
The only difference I saw between the certificate obtained from web enrollment
and the certificate obtained from certreq.exe was the key usage extension not
being critical in the certreq.exe certificate.
So, I am assuming that is the problem.
I am not able to set the key usage extension to critical. Can anyone help me
with conversion of the KeyUsage value to the base64 version as required by the INF?
If it helps anyone, the KeyUsage requires data in ASN.1 BIT STRING format.
http://www.ietf.org/rfc/rfc3280.txt
My INF file:
[Version]
Signature= "$Windows NT$"
[NewRequest]
KeySpec = 1
KeyLength = 2048
Exportable = TRUE
MachineKeySet = TRUE
SMIME = FALSE
PrivateKeyArchive = FALSE
UserProtected = FALSE
UseExistingKeySet = FALSE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
KeyUsage = 0x30
Subject = "CN=server1.domain.com"
[EnhancedKeyUsageExtension]
OID = 1.3.6.1.5.5.7.3.1 ; Server Authentication
[Extensions]
2.5.29.15 = ??????
Critical = 2.5.29.15
Appreciate any help provided.
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Argue for your limitations, and sure enough, they're yours.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
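
The conversion asked about above, as an added example that is not part of the original post: it DER-encodes a KeyUsage flag value as an ASN.1 BIT STRING (RFC 3280 named bits) and base64-encodes the result, with a decoder to check any existing value. It assumes the INF flag value maps low byte first onto the named bits (0x80 = digitalSignature, 0x8000 = decipherOnly) and that the [Extensions] entry takes the base64 of that DER value; the function names are hypothetical.

```python
import base64

# RFC 3280 KeyUsage named bits, in bit order (bit 0 = most significant bit of byte 1).
KEY_USAGE_BITS = [
    "digitalSignature", "nonRepudiation", "keyEncipherment", "dataEncipherment",
    "keyAgreement", "keyCertSign", "cRLSign", "encipherOnly", "decipherOnly",
]

def key_usage_der(flags: int) -> bytes:
    """DER-encode a KeyUsage BIT STRING from a flag value such as 0x30.

    Assumption: low byte of `flags` is the first content byte, high byte the second.
    """
    if not 0 <= flags <= 0xFFFF or flags & 0x7F00:
        raise ValueError("flag value has bits outside the nine KeyUsage bits")
    content = bytes([flags & 0xFF, flags >> 8])
    content = content.rstrip(b"\x00")        # DER: drop trailing all-zero bytes
    unused = 0
    if content:
        last = content[-1]
        while not (last >> unused) & 1:      # count trailing zero bits in last byte
            unused += 1
    body = bytes([unused]) + content         # first content octet = unused-bit count
    return bytes([0x03, len(body)]) + body   # tag 0x03 = BIT STRING, short-form length

def key_usage_b64(flags: int) -> str:
    """Base64 text of the DER value, the form the post says the INF needs."""
    return base64.b64encode(key_usage_der(flags)).decode("ascii")

def decode_key_usage(b64_value: str) -> list:
    """Reverse check: list the named bits set in a base64 DER BIT STRING."""
    der = base64.b64decode(b64_value, validate=True)
    if len(der) < 3 or der[0] != 0x03 or der[1] != len(der) - 2:
        raise ValueError("not a short-form DER BIT STRING")
    unused, content = der[2], der[3:]
    if unused > 7 or (not content and unused):
        raise ValueError("bad unused-bit count")
    bits = "".join(f"{b:08b}" for b in content)
    bits = bits[:len(bits) - unused]
    return [name for name, bit in zip(KEY_USAGE_BITS, bits) if bit == "1"]

if __name__ == "__main__":
    for flags in (0x30, 0xA0):               # 0x30 is the value from the INF above
        value = key_usage_b64(flags)
        print(f"KeyUsage = 0x{flags:02x} -> 2.5.29.15 = {value} {decode_key_usage(value)}")
```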