retrieve certs from AIA, from certutil -url

Hi All,

I was implementing 2008 R2 PKI, and I created CRLs and OCSP. It was OK, but when I check from the internet using Firefox and Chrome, it's still not a trustworthy certificate. So I used "certutil -url cert.cer". Both the CRLs and OCSP passed. But the "Retrieve Certs (from AIA)" is NOT, "NO URLS".

How do I make that? Can't find it on the net.

Thanks for your help!

Arnie



  • Edited by Arnie3 Tuesday, August 18, 2015 3:57 AM
August 18th, 2015 3:51am

Hello,

Is your CA correctly deployed to your workstation?

Firefox doesn't use the Windows Certificate Store. You need to import your CA manually in the Firefox settings.

August 18th, 2015 6:17am

Is it really like that? I thought it's automatic for a browser to know the trustworthiness of a certificate or site. Even on the same server or the CA server, Firefox/Chrome still won't trust it right away or the first time it opens it.
  • Edited by Arnie3 Tuesday, August 18, 2015 3:55 PM
August 18th, 2015 3:54pm

Hello,

Yes you need to deploy the CA with a GPO to computers in your AD. On the CA server, it should be already in the trusted certificate store.

Maybe you need to add the CA website to "trusted sites" in IE settings.

If you want to use Firefox, you need to import the CA in the Firefox settings.
If you want to use Chrome, you do not need another step, because Chrome uses the local store of Windows.

August 18th, 2015 4:09pm

I don't want it trusted only in my domain, I want it also on the public or internet... Somehow IE trust is OK on the internet/public but Firefox/Chrome won't trust it right away. And as I said on the testing of certutil -url xxxx.cer, the retrieve cert from AIA is "NO URLS", I don't know what to do with that.

My company wants me to deploy it not only on our domain but on the internet as well, since buying certificates is expensive; we have about 100 employees.

Thanks for replying Sebastien, I appreciate it.

August 18th, 2015 7:40pm

Hi,

If you want to include the AIA in the issued certificate, we need to change the settings of the CA and then re-issue the certificate.

Best Regards.

September 10th, 2015 3:34am
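
One way to make the CA settings change described in the last reply, as an added example that is not part of the original thread. It assumes the default CertEnroll folder; `http://pki.example.com/CertEnroll/` is a placeholder for a URL your clients can actually reach, and `C:\temp\cert.cer` is a hypothetical path to a re-issued certificate.

```powershell
# Run in an elevated PowerShell session on the issuing CA (Windows Server 2008 R2).
# Assumption: pki.example.com is a placeholder host that serves the CertEnroll folder over HTTP.

# Record the current AIA publication URLs before changing anything.
certutil -getreg CA\CACertPublicationURLs

# Each entry is <flags>:<location>; entries are separated by a literal \n.
#   1 = publish the CA certificate to this location (local file path)
#   2 = include this URL in the AIA extension of issued certificates
# %1 = CA server DNS name, %3 = CA name, %4 = certificate name suffix (renewal index)
# Note: this replaces the whole list, including any default ldap:// entry.
$aia = '1:C:\Windows\system32\CertSrv\CertEnroll\%1_%3%4.crt' +
       '\n2:http://pki.example.com/CertEnroll/%1_%3%4.crt'
certutil -setreg CA\CACertPublicationURLs $aia

# The CA service reads these values at start-up.
Restart-Service certsvc

# After re-issuing the certificate, confirm it now carries an AIA extension
# (OID 1.3.6.1.5.5.7.1.1) before repeating "certutil -url".
$path = 'C:\temp\cert.cer'   # hypothetical path to the re-issued certificate
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $path
$ext  = $cert.Extensions | Where-Object { $_.Oid.Value -eq '1.3.6.1.5.5.7.1.1' }
if ($ext) { $ext.Format($true) } else { Write-Warning "No AIA extension in $path" }
```

Certificates issued before the change keep their old extensions, so only re-issued certificates carry the new URL. The AIA URL lets clients fetch the issuing CA certificate for chain building; the root CA certificate still has to be in each client's trust store.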
