Anti-Spyware Forums



requesting cert from local CA: "no trusted certificate authorities available"

 
 
Jason Viers

 
      06-11-2006, 05:58 PM
I'm playing around with AD, certificates, and smart cards on a test
server separated from the rest of our network. I'm currently going by
http://www.microsoft.com/technet/pro.../mapcerts.mspx,
trying to get a certificate that I can place on my smart card to log in
with.

I have a certificate authority installed on this domain controller (as a
stand-alone root CA), and I can see its cert in "Trusted Root
Certificate Authorities". If I try to launch the "Request New
Certificate" wizard for any account, I get an error message saying the
wizard could not be started because "there are no trusted certificate
authorities available", or permission is denied.

Is there something special I have to do to get the local machine to
"trust" this CA, or some other way I should go about this?

Thanks
Bean
 
 
 
 
 
Paul Adare

 
      07-11-2006, 01:59 PM
In article <(E-Mail Removed)>, in the
microsoft.public.security news group, Jason Viers <(E-Mail Removed)>
says...

> I have a certificate authority installed on this domain controller (as a
> stand-alone root CA), and I can see its cert in "Trusted Root
> Certificate Authorities". If I try to launch the "Request New
> Certificate" wizard for any account, I get an error message saying the
> wizard could not be started because "there are no trusted certificate
> authorities available", or permission is denied.
>
> Is there something special I have to do to get the local machine to
> "trust" this CA, or some other way I should go about this?
>


To use the MMC wizard your CA needs to be an Enterprise CA, and not a
standalone.

--
Paul Adare - MVP Virtual Machines
Waiting for a bus is about as thrilling as fishing,
with the similar tantalisation that something,
sometime, somehow, will turn up. George Courtauld

 
 
 
 
 
Jason Viers

 
      08-11-2006, 10:20 PM
Paul Adare wrote:
> To use the MMC wizard your CA needs to be an Enterprise CA, and not a
> standalone.


Thanks, removing the standalone CA and using an Enterprise CA worked!

I was able to request a certificate, export it, and throw it on the
smart card (with private key). When trying to log in, I can insert the
card and it asks for the PIN, but then says

The system could not log you on. The server authenticating you reported
an error (0xC00000BB). See the EventLog for more information.

In the EventLog is the following error:

An error occurred while retrieving a digital certificate from the
inserted smartcard. The keyset is not defined. Data: 19000980

This is all taking place on a single Windows 2003 Enterprise box, so the
documents I see about XP SP2 causing problems
(http://support.microsoft.com/kb/891849) don't apply.

I can look on the smartcard (using the ActivClient Agent software) and
see that the certificate is there, it's been "made available to
Windows", and been set as the primary certificate.

Any ideas what's causing this?
 
 
 
 