No access to /certsrv
Hi,
I have an Enterprise subordinate CA on 2008R2 datacenter. I have installed the CA Web enrollment service.
I want to configure Web enrollment so users can submit requests, but I seem to be unable to set permissions on the virtual directory (the add button is greyed out in the security permissions gui). Is there some other way to set this up? I am
a local and domain admin.
I have noticed that the owner is "trusted installer".
There must be some way to configure this, but I can't find any recommended MS method for it....
Please advise,
Thanks,
Fred.
November 10th, 2010 11:08am
Hi,
read carefully this detailed guide
http://www.isaserver.org/img/upl/vpnkitbeta2/installenterpriseca.htm
HTHEdoardo Benussi - Microsoft MVP
Management Infrastructure - Systems Administration
https://mvp.support.microsoft.com/Profile/Benussi
Windows Server Italian Forum Moderator
edo[at]mvps[dot]org
Free Windows Admin Tool Kit Click here and download it now
November 10th, 2010 11:26am
Hi,
Thanks for that - but can't see anything relevant to my specific problem.
Thanks anyway.
November 10th, 2010 11:28am
when you tell "(the add button is greyed out in the security permissions gui)" are you speaking about directory security in iis manager console or about ntfs permissions ?Edoardo Benussi - Microsoft MVP
Management Infrastructure - Systems Administration
https://mvp.support.microsoft.com/Profile/Benussi
Windows Server Italian Forum Moderator
edo[at]mvps[dot]org
Free Windows Admin Tool Kit Click here and download it now
November 10th, 2010 11:33am
On Wed, 10 Nov 2010 16:21:24 +0000, Edoardo Benussi [MVP] wrote:
Hi,
read carefully this detailed guide
http://www.isaserver.org/img/upl/vpnkitbeta2/installenterpriseca.htm
No offense but I strongly recommend that no one use this guide to build a
PKI based on certificate services. An online, Enterprise Root CA, should
never be used in a production environment of any size. It simply isn't
secure enough for production use.
Paul Adare
MVP - Identity Lifecycle Manager
http://www.identit.ca
November 10th, 2010 11:54am
On Wed, 10 Nov 2010 16:03:28 +0000, asdasdqqwqwqwqw wrote:
I have an Enterprise subordinate CA on 2008R2 datacenter.? I have installed the CA Web enrollment service.
I want to configure Web enrollment so users can submit requests, but I seem to be unable to set permissions on the virtual directory (the add button is greyed out in the security permissions gui).? Is there some other way to set this up?? I am a local and domain
admin.
I have noticed that the owner is "trusted installer".
There must be some way to configure this, but I can't find any recommended MS method for it....
You should not have to modify permissions at all, what makes you think that
you need to do this?
What is the exact name of the role service you installed? Are you sure that
you installed the correct one as there are now 2 that have "enrollment" and
"web" in their names:
Certification Authority Web Enrollment
and
Certificate Enrollment Web Service
Paul Adare
MVP - Identity Lifecycle Manager
http://www.identit.ca
Free Windows Admin Tool Kit Click here and download it now
November 10th, 2010 12:01pm
On Wed, 10 Nov 2010 16:21:24 +0000, Edoardo Benussi [MVP] wrote:
read carefully this detailed guide
http://www.isaserver.org/img/upl/vpnkitbeta2/installenterpriseca.htm
Also, the guide mentioned above is for 2003. Things have changed quite
significantly for 2008 R2.
Paul Adare
MVP - Identity Lifecycle Manager
http://www.identit.ca
November 10th, 2010 12:02pm
Hi Fred,
How's everything going? If you need further assistance, please do not hesitate to respond back.
Thanks.This posting is provided "AS IS" with no warranties, and confers no rights. Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can
be beneficial to other community members reading the thread.
Free Windows Admin Tool Kit Click here and download it now
November 17th, 2010 4:21am
Yeah all sorted. You don't need to modify permissions, just make sure you have enrol permissions on the relevant certificate...
November 17th, 2010 4:34am