Hi all.. Recently I migrated my CA from Windows Server 2003 to Server 2008... I use certificates for many things, but I encountered a problem with certificates I use to secure remote desktop connection ( Terminal Services - RDP) The problem is, when I try to request webserver certificate ,I cannot select " Store certificate in the local computer certificate store "? I need that certificate to be installed in computer not user certificate store so I can select and use that certificate in terminal services RDP settings. I read that in Server 2008 that function is not supported any more, but how can I add that certificate to computer certificate store instead of user certificate store? Please help Thanx in advance

The local machine store access has beeb removed from the Windows Server 2008 Web interface.You can still request the certificate, but you must request it from a Certificates MMC console, focused on the local machine.WHen you make the request, it will ask for additional information, and you can input the information into the dialog box (instead of the Web form).Just open an MMC, load the Certificates console, and focus on the Local Machine.Brian

Thank you very much, that solved my problem,it was so simple :) Now I have another problem and I'm asking for you r help again. I have to issue a certificate that I use to secure vpn connection with Cisco ASA firewall. Is has to be issued to another company,another name etc... But when I log on to CA web interface of create new request via MMC console, it is issued to ME and I don't want that, the certificate needs to be issued to contoso , OU contoso, State UK for an example.. How can I accomplish this? Thanx in advance, Regards

How are you generating the request?If you can get the request to be a PKCS#10 request file (sometimes referred to as a CSR) at the Cisco device, it really does not matter that the certificate is issued to you. You just need the certificate to install at the ASA firewall (the private and public keys were generated and stored at the ASA firewall when the request was generated).Here are some steps that I found for you (http://www.globalsign.com/support/csr/serversign_cisco3k.php)Again, when you submit the request, what you need is the generated certificate to install at the Cisco ASA firewall.You can then delete it from your personal profile once exported.Brian

Hi Brian.. That's not the problem... Ok.. Let me try to explain better... In order to paste PKCS#10 request, i must be logged in with some authenticated user,in our case is some domain user and when I paste the request the certificate is issed again to ME,not to some other company as I wanted to. I think that the problem is in certificates templates. Lets say, I want user certificate. Original certificate template (v1) , subject name is "Built from information in Active Directory and that setting is grayed out,I cannot change it. I try to make custom template with subject name setting "Supplied in the request" and some other settings like the option to export private key, but custom template in not showing in templates to issue tab ,that means I cannot request it. I think this is the problem I'm facing? Please help, I don't know what else to do? Regards,

Hi, After creating a new certificate template, you need to publish it to the CA. Deploying Certificate Templates http://technet.microsoft.com/en-us/library/cc770794(WS.10).aspxThis posting is provided "AS IS" with no warranties, and confers no rights.

Hi, I really don't know what can be the problem! I have Windows 2003 Domain Controller and Windows 2008 CA... I try to issue my custom template according to that article but the template is not listed in "New Certificate Templates to issue" list... Everything looks ok ,i duplicated the user template,give an custom name, selected the purpose ,waited for some time for certificate replication between domain controllers still nothing :( I've checked ,my CA pc is in Cert Publishers domain group... What can be the problem? Thanx in advance Regards

Is your CA running on Windows Server 2008 Standard Edition?If so, you cannot issue certificates based on V2 or V3 certificate templates.So, your choice is to upgrade in place to Windows Server 2008 Enterprise Edition, or to upgrade to Windows Server 2008 R2 Standard Edition (this is the first version to allow v3 or V3 certificate template issuance from Standard Edition).Alternatively, your CA is having problems communicating with AD. Check for errors in the Application Log stating that the CA's Policy module cannot contact AD for the list of certificate templates.Brian