Offline CA Root certificate invisible in AD
BENHAMOU Stéphane
2007-03-21 19:48:03 UTC
Hi,

I'm implementing a PKI to secure our WLAN network. I followed the guidelines
found in the MS Solution "Securing Wireless LANs with Certificate Services".

I installed a Win 2003 SP1 Std Server for Offline CA Root, exported the
certificate and CRL and then imported them in AD through the certutil utility
(certutil -v -f -dsPublish -dc ...)

When I check on a member server if the certificate is published (certutil
-viewstore -enterprise Root), I get nothing. But when I go to the
Configuration, Service, Public Key Services, Certification Authorities, the
CN name of my Root CA certificate is there, with a certificationAuthority
class!

Can someone tell me why the Root CA certificate is not visible but seems to
be installed? How could I make it visible to verify that everything is fine?

Thanks in advance.

Stéphane
Brian Komar [MVP]
2007-03-21 21:07:53 UTC
It may just be a case of patience. I just checked a few
of my environments, and in all cases, I see the
certificate in both the enterprise root, and in the
certificate manager.

The best way to check if the publication is successful
is to use the PKI Health Tool (pkiview.msc). Ensure that
the root certificate is on both the Certification
Authorities and AIA tab.

Also, you cut off the important command <G>. Did you
type:
certutil -v -f -dsPublish <RootCertName.cer> RootCA


Brian
BENHAMOU Stéphane
2007-03-22 12:02:00 UTC
Of course, I typed the following command: certutil -v -f -dsPublish -dc MYDC
"A:\CACERT\RootCertName.crt" RootCA

When I replay this command, I get a "Certificate already in store" response,
but still can't view it.
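
The following is an added example, not part of the original thread: a PowerShell check, run on a domain member, that lists the root certificates published in the Certification Authorities container and reports whether each is already in the machine's local enterprise Root store. It assumes a domain-joined machine and that the local store is cached under the `EnterpriseCertificates` registry key, which Windows fills from AD during Group Policy and autoenrollment processing.

```powershell
# Added example (not from the thread). Run on a domain-joined machine.
# Compares root CA certificates published in AD with the enterprise Root
# store cached in this machine's registry.

# Find the forest configuration partition without hard-coding a domain name.
$configNC = [string]([ADSI]'LDAP://RootDSE').configurationNamingContext
$base = "LDAP://CN=Certification Authorities,CN=Public Key Services,CN=Services,$configNC"

# Query every certificationAuthority object in the container.
$searcher = New-Object System.DirectoryServices.DirectorySearcher
$searcher.SearchRoot = [ADSI]$base
$searcher.Filter = '(objectClass=certificationAuthority)'
[void]$searcher.PropertiesToLoad.Add('cn')
[void]$searcher.PropertiesToLoad.Add('cACertificate')

# Thumbprints cached locally: one registry subkey per certificate.
# Assumption: this is where the enterprise Root store lives on the member.
$regPath = 'HKLM:\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates'
$local = @(Get-ChildItem $regPath -ErrorAction SilentlyContinue |
    ForEach-Object { $_.PSChildName.ToUpper() })

foreach ($entry in $searcher.FindAll()) {
    # cACertificate is multi-valued; each value is one DER-encoded certificate.
    foreach ($der in $entry.Properties['cacertificate']) {
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
            -ArgumentList (,[byte[]]$der)
        [pscustomobject]@{
            ADObject              = [string]$entry.Properties['cn'][0]
            Subject               = $cert.Subject
            Thumbprint            = $cert.Thumbprint
            NotAfter              = $cert.NotAfter
            InLocalEnterpriseRoot = $local -contains $cert.Thumbprint
        }
    }
}
```

A row with `InLocalEnterpriseRoot` set to `False` means the certificate is in AD but this machine has not cached it yet; `gpupdate /force` or `certutil -pulse` triggers the refresh.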
