Can not renew root ca

  • Thread starter Thread starter Harrison Midkiff
  • Start date Start date
H

Harrison Midkiff

Hello:

I have a Windows 2003 SP1 server running as a Stand Alone Root CA. Its
certificate is about to expire. Whether I choose "Renew Certificate with
New Key..." or "Renetw Certificate with Same Key..." I always get the same
error.

"You do not have permission to request a certificate based on the selected
certificate template"

My account is a member of the Enterprise Admins. I've Googled this, but
haven't found anything. Does anyone have any idea?

Harrison Midkiff
 
How are you reneweing the CA certificate? Please try using the CA snapin
certsrv.msc, right click on the CA node and under "All Tasks" action item
you will see the option to renew.
Thanks
 
Saurav:

That got it! I was able to renew the cert. One more simple questions if I
could. I remember there was a way to deploy this certificate to
workstations so users don't have to download it. Do you recall how to do
that?

Harrison Midkiff



"Saurav Sinha [MSFT]" <sauravs@online.microsoft.com> wrote in message
news:O3CRMoocIHA.6024@TK2MSFTNGP06.phx.gbl...
> How are you reneweing the CA certificate? Please try using the CA snapin
> certsrv.msc, right click on the CA node and under "All Tasks" action item
> you will see the option to renew.
> Thanks
 
The easiest is to have a member of enterprise admins run:
certutil -dspublish -f <rootca_certname.crt> RootCA
The certificate is then pushed to all domain and forest members as a trusted
root CA
Brian

"Harrison Midkiff" <HMidkiff@aviinc.com> wrote in message
news:O4PmNsvcIHA.4140@TK2MSFTNGP04.phx.gbl...
> Saurav:
>
> That got it! I was able to renew the cert. One more simple questions if
> I could. I remember there was a way to deploy this certificate to
> workstations so users don't have to download it. Do you recall how to do
> that?
>
> Harrison Midkiff
>
>
>
> "Saurav Sinha [MSFT]" <sauravs@online.microsoft.com> wrote in message
> news:O3CRMoocIHA.6024@TK2MSFTNGP06.phx.gbl...
>> How are you reneweing the CA certificate? Please try using the CA snapin
>> certsrv.msc, right click on the CA node and under "All Tasks" action item
>> you will see the option to renew.
>> Thanks
>
>
 
Thanks I got the certificate out.


"Brian Komar" <brian.komar@nospam.identit.ca> wrote in message
news:B1C24C68-BAA6-4FDF-A2BB-9BB61E487D64@microsoft.com...
> The easiest is to have a member of enterprise admins run:
> certutil -dspublish -f <rootca_certname.crt> RootCA
> The certificate is then pushed to all domain and forest members as a
> trusted root CA
> Brian
>
> "Harrison Midkiff" <HMidkiff@aviinc.com> wrote in message
> news:O4PmNsvcIHA.4140@TK2MSFTNGP04.phx.gbl...
>> Saurav:
>>
>> That got it! I was able to renew the cert. One more simple questions if
>> I could. I remember there was a way to deploy this certificate to
>> workstations so users don't have to download it. Do you recall how to do
>> that?
>>
>> Harrison Midkiff
>>
>>
>>
>> "Saurav Sinha [MSFT]" <sauravs@online.microsoft.com> wrote in message
>> news:O3CRMoocIHA.6024@TK2MSFTNGP06.phx.gbl...
>>> How are you reneweing the CA certificate? Please try using the CA snapin
>>> certsrv.msc, right click on the CA node and under "All Tasks" action
>>> item you will see the option to renew.
>>> Thanks
>>
>>
>
 
Back
Top