I then ran certutil repairstore
Thursday, September 2, AM.

Hi. OK, it sounds like it's not imported correctly. Before you reinstall the server, did you export the certificate including the private key?
Friday, September 3, AM.

Hi. Have you exported the certificate including the private key?
If you have, then you can import it and assign it for the Exchange services. Which version of Exchange are you using?

Hi Jonas, Exchange SP2 on a Windows server.

I do not have autoenroll. There is a custom service running on the same machine as the CA.
This service accepts a certificate request and then forwards it to CA. Then, it immediately resubmits the request using the appropriate request ID. This scheme is more flexible than autoenroll, because it allows me later to introduce additional checks in the service to make sure that resubmit is indeed allowed.
Anyway, resubmit fails with Access Denied. Please notice the example I give using the standard certutil tool in the first post of this thread - it fails as well if the user does not have the aforementioned permission: C: Users markk.
Then fire up the CA snap, open the security properties of the CA and assign the respective user the right to 'To issue and manage certificates'. Then retry the resubmit action - you should succeed.
Now, how on earth do I assign this permission in code?

I haven't had much time to really investigate. All you are trying to do is obtain the cert for a request which you submitted and was put into pending state and is now issued. Well, you shouldn't need ICertAdmin for that. I think that solves your problem without needing to get into changing permissions.
I don't know off the top how to add the permission to the CA object if that's really what you want to do. However, I imagine there is a custom ACE that you need to build? Best solution is to read in the security descriptor and print out all the ACEs and that will tell you what you need to add. But I don't think you need to do that. Let me know if that works!

Let me describe the process to you in more detail.
My server component receives a string, which is a certificate request. It then invokes the following APIs:

Submit - submits the certificate request to CA.
ResubmitRequest - there is no certificate in CA until the request submitted earlier is approved. It can be approved in three different ways - manually by an authorized person through the CA management console, by the CA auto enrollment policy and through the programming API. I use the last option.

You are mistaken to think that this step is unnecessary.
Hi there, I have an issue with running Certutil on my server. User is Domain Administrator and applied for all security groups. Vinay Kumar. Monday, December 16, PM. Hashemi 0. Proposed as answer by SH. Tuesday, December 17, AM.
Thanks for your suggestions.