Windows server 2008 certificate enrollment web pages




















Sign in to vote. Is it possible to edit Windows Server certificate enrollment Web pages, For example i don't want to see the CA link on the default page and also Is it possible to add some new fields in the Request Certificate Page Or Is it possible to make some fields mandatory in the Request Certificate Page Regards Adeel Aslam. Regards Adeel Aslam. Thursday, July 21, AM. Sure, they are all just ASP pages.

When using the certificate web enrollment page on a Windows Server or Windows Server R2 server, the new Version 3, also known as CNG or templates, don't appear in the Advanced Certificate Request template pulldown menu. As a result, web enrollment using a CNG template can't take place via the web enrollment method. When this occurs, certificates can be requested and enrolled in successfully using the same templates but other enrollment methods.

In other words, you can successfully request a certificate from that template using the certificates MMC snap-in, script, autoenrollment, or exported request.

The issue only occurs with web enrollment not allowing the Version 3 template from being available to select. Frequent other causes of not being able to blanket request a certificate may be that the server isn't an Enterprise server, or the requestor doesn't have Read Allow and Request Allow permissions on the template in Active Directory. This behavior is by design. If you need to support Basic Authentication on the website you will need to make sure that you configure constrained delegation with protocol transition.

However, you will need to scroll down to section Configuring the web site to support Basic Authentication below for more steps required to support basic authentication. Click on the Delegation tab and select Trust this computer for delegation to specified services only. Use any authentication protocol Kerberos constrained delegation with protocol transition.

You now have the Add Services dialog box, click on the Users or Computers… button. Select the following services HOST and rpcss. Once they have been selected click the OK button. Uncheck Enable Kernel-mode authentication , and click the OK button. This section will cover how to configure IIS and the Active Directory accounts to support Kerberos open delegation as well as constrained delegation when the application pool identity is setup for a custom account.

Change the Identity on the Advanced Settings dialog box, which then brings up the Application Pool Identity dialog box. Click on the Set … button. In the Set Credentials dialog box, type in the domain user account to be used and password twice. Can you help us improve? Resolved my issue. Clear instructions. Easy to follow. No jargon. Pictures helped. Didn't match my screen. Incorrect instructions.

Too technical. Not enough information. Not enough pictures. Any additional feedback? Submit feedback. Thank you for your feedback!



0コメント

  • 1000 / 1000