I have set up a root CA on my domain running Server 2008 R2 Enterprise. When I try to request a certificate it asks me to select a Signing Certificate, but when I click browse there aren't any certificates to pick from. This is a new installation and I am pretty new to setting up a CA so I have more than likely missed a step. Does anybody know what I missed? Thanks in advance

Hi mwolfe87, it seems that you enable a enrollment agent. Have you configured the certificate templates and made setting under "Issuance requirements" tab for "This number of authorized signatures"? Thank you, Lutz

Hi, Thanks for posting in Microsoft TechNet forums. This article might be useful to you while troubleshooting this issue: Active Directory Certificate Services Step-by-Step Guide http://technet.microsoft.com/en-us/library/cc772393(v=ws.10).aspx Regards Kevin

Sorry for the lack of a reply, my CA is causing some binding issues in our test domain so I had to shut it off so that we could successfully run a demo. I am in the process of looking into that issue first and then I will get back to the CA portion. LutzMH, If I remember correctly, I had created a duplicate Enrollment Agent template and set it as 1 as the number of authorized signatures. Do I need to remove that option? K_evin Zhu, I have ran through that set up before, but I think it is a little vague in some of the areas. Do either of you know of some good documentation regarding CA server setup? Thanks again, Michael

Ok, so I have my CA up and running now. I can issue certificates without issue, the thing I am trying to set up is my certsrv page. If I go to https://server/certsrv I get this page is not available, both on the server and other computers. If I got to http://server/certsrv, I get a message stating "The page you are trying to access is secured with Secure Sockets Layer (SSL)." What step am I missing to allow connections to my certsrv page via SSL connection? Michael

Hi, You have to setup https binding for using Web Enrollment feature.Below are the steps: 1) Configure CA to issue Web Server template. - In the CA machine, open certtmpl.msc->Double click to open the Web Server templates-> Goto security tab and give the machine(where you are hosting the Web enrollment pages) read and enroll permission->OK->Close the template. - Goto certsrv.msc and select Certificate templates node-> Right click on it and select "New certificate template to issue" option. 2)Goto the web page hosting machine and request this certificate - On the host machine open certmgr under local machine account - Request for the Web Server certificate template. You have to supply the common name while requesting this certificate. Provide the machine name as the common name. 3) Configure IIS for https binding: - Open Server Manager. - In the console tree, expand Roles, and then expand Web Server (IIS). - Click Internet Information Services (IIS) Manager. -In the console tree under Connections, expand the Web server, expand Sites, and then click the Web site that hosts the Web service. -In the Actions pane, click Bindings. -In the Type list, click https, and then click Edit. -Select the above requested certificate. -OK. After this migrate to <a href="https:///certsrv">https://<machinename>/certsrv page. pen Server Manager. In the console tree, expand Roles, and then expand Web Server (IIS). Click Internet Information Services (IIS) Manager. In the console tree under Connections, expand the Web server, expand Sites, and then click the Web site that hosts the Web service. In the Actions pane, click Bindings. In the Type list, click https, and then click Edit.