Certificate enrollment request chain not trusted
Posted
by
makerofthings7
on Server Fault
See other posts from Server Fault
or by makerofthings7
Published on 2012-04-02T16:22:56Z
Indexed on
2012/04/02
17:32 UTC
Read the original article
Hit count: 275
I am working on a MSFT lab for Direct Access, and need to create a Web certificate. The instructions ask be to do the following:
On EDGE1, click Start, type mmc, and then press ENTER. Click Yes at the User Account Control prompt.
Click File, and then click Add/Remove Snap-ins.
- Click Certificates, click Add, click Computer account, click Next, select Local computer, click Finish, and then click OK.
- In the console tree of the Certificates snap-in, open Certificates (Local Computer)\Personal\Certificates.
- Right-click Certificates, point to All Tasks, and then click Request New Certificate.
- Click Next twice.
- On the Request Certificates page, click Web Server, and then click More information is required to enroll for this certificate.
- On the Subject tab of the Certificate Properties dialog box, in Subject name, for Type, select Common Name.
- In Value, type edge1.contoso.com, and then click Add.
- Click OK, click Enroll, and then click Finish.
- In the details pane of the Certificates snap-in, verify that a new certificate with the name edge1.contoso.com was enrolled with Intended Purposes of Server Authentication.
- Right-click the certificate, and then click Properties.
- In Friendly Name, type IP-HTTPS Certificate, and then click OK.
- Close the console window. If you are prompted to save settings, click No.
In production, our company has overridden the Web Server template and it doesn't seem to be issuing certificates with the full CA chain. When I look at the issued certificate properties then both tiers of the 2 tier CA hierarchy are missing.
How can I fix this? I'm not sure where to look outside the GUI.
© Server Fault or respective owner