I was teaching an informal class this week on certificates and Active Directory Certificate Services (AD CS). When a class is informal, you don't necessarily create detailed lab activities ahead of time. It's more like you have a general flow you want to do. Consequently, something just don't work as you expect.
We used IIS Manager to create a domain certificate from the internal CA that we has setup. That part worked fine based on the Web Server template that exists automatically after installing AD CS.
After that I thought this would be a great way to demonstrate superceding a template. Turns out I was wrong. The wizard in IIS Manager will only request certificates based on the Web Server template. If you take that one away, the wizard for creating a domain certificate doesn't work. We were using Windows Server 2012 R2, but this behavior is also consistent in Windows 2008/2008 R2 (IIS 7/7.5)
The work around is to use the Certificates snap-in to create the certificate from AD CS.
Reference:
No comments:
Post a Comment