After installing the Certificate Services Web enrollment pages update KB922706 on Server 2003 for Vista clients the install this CA certificate link generates an invalid security certificate. The screen to install the certificate states that the Certificate you requested was issued to you after the certificate is issued and then provides a link to Install this certificate. It then lists This CA is not trusted. To trust certificates issued from this certification authority, install this CA certificate. After selecting install this CA certificate a file named certnew.cer is generated. Saving or directly opening both result in an error message being displayed with the title invalid public key security object file and the message this file is invalid for use as the following: Security Certificate. Steps that Ive already taken:The link was added to the trusted sites in IE7 on Vista.Ive tried Run as administrator on IE7 to make the certificate request. Note: The web enrollment continues to work for Windows XP clients. How can I get the certificates working on Vista Clients? Thanks,Tim

Hi Tim, please understand that WIndows Vista changes Certificate for a better secure. You can refer to the following article. Certificate-Related Changes for Vista http://technet.microsoft.com/en-us/library/cc700848.aspx Then, please check the following points: 1. Check whether SP2 has been applied on the Windows Server 2003 CA server. 2. Add the web enrollment URL of the CA server to the client computers "Trusted Sites" list and ensure the related security settings allow ActiveX control. As a workaround, you can go to a computer that has the Root Cert installed already and export the Root Cert and then install it on your Windows Vista computer manually.

Hi Sean, thanks for your suggestions! In response to your points: 1. Yes, SP2 has been applied on the Windows Server 2003 CA server. 2. Yes, the web enrollment URL was added to the Trusted Sites and the ActiveX security settings have been verified. Exporting the Root Certificate from an XP computer and installing it on the Vista client enabled the web enrollment process to work. Using an advanced request and selecting a 2048 key size created a certificate that could be installed. Can the Root Certificate be installed automatically without requiring the workaround?Is there any security issue created by exporting the Root Certificate and sending it out to clients by email? Thanks,Tim