Root CA Cert Not Added to Trusted Root Authorities under XP/WM6 (Works On Vista) - PKI deployed via Active Directory

-

 

hi,  i have created internal pki offline root , online enterprise intermediate ca under windows server 2008.

i have deployed certificates active directory per microsoft pki infrastructure book. have strange problem in 2 root , issuing certificates added fine vista machines , root cert added trusted root certificate authorities store expected.

however the windows xp clients joined same domain have 2 certificates under intermediate certificate authorities root certificate not listed under root certificate authorities store, certificates therefore untrusted machine. the same applies to windows mobile 6 (when installing manually), install root cert clicking on , says certificates have been installed when check cert in intermediate store , no trusted root cert has been added.

i haven't clue what's going on, same active directory domain vista boxes seem work fine. cant find error messages on server nor xp client.

the certs can viewed here:

http://www.monsterserve.net/certs/issuing.cer
http://www.monsterserve.net/certs/root.cer
http://www.monsterserve.net/certs/root+issuing.p7b (i manually exported entire chain here testing).

have done wrong or generated unsuported certificates? ideas how can above certs installed under windows mobile trusted root store , xp?

many in advance,

chris

actually, @ certificates, missed key point in chapter 1 of book.
only windows vista , windows server 2008 support cng.
you have create root certificate sha256 signature, cannot used or trusted xp.
xp sp3 can validate certificate, cannot consume it.
you have created, lack of better term, vista/2008 pki.
you need re-created pki using sha1 signature now.
again, discussed in chapter 1, @ later date, when clients running vista , servers 2008 or operating systens other 2003 support cng (this excludes mobile well), can change signing hash algorithm
brian


Windows Server  >  Security



Comments

Post a Comment

Popular posts from this blog

Motherboard replacement

-
running windows 10 technical preview, need replace motherboard can run the  sysprep  command restoring pc ? or there easier  or more preferred way ? thanks if replace motherboard within same family of chipsets (i.e. intel > intel or amd > amd), should okay restarting pc twice. carey frisch Windows 10 Insider Preview  >  Windows 10 Insider Preview General
Read more

Cannot create Full Text Search catalog after upgrading to V12 - Database is not fully started up or it is not in an ONLINE state

-
in order access new full text search capiblities of sql azure, upgraded our azure sql v12. (a day later), when try create new catalog: create fulltext catalog mycatalog default i following message: msg 9972, level 16, state 100, line 1 database not started or not in online state. try full-text ddl command again after database started , becomes online. hi scott, apologies inconvenience caused you. known issue on service side , fix going included in next update. specific case mitigated, should able use full-text search syntax now. thanks, mihaela Microsoft Azure  >  Azure SQL Database
Read more

Remote Desktop App - Error 0x207 or 0x607

-
hi all, i manage windows 2012 r2 network, including connection broker, session hosts , remote apps virtual servers.  i've used remote desktop app on own android phone, no issues @ - connects published gateway url , can login , access network. we looking move business onto nokia handsets ms operating system (currently on blackberry), not able connect via remote desktop app on nokia lumia handset. setup, per android config , brings remote apps , remote desktop screen, know can connect.  when select remote desktop, shows following process: initiating remote connection securing remote connection certificate can't verified - choose connect it digitally signed cert (digicert sha2), pc name different physical connection broker name (inherited domain name old gov project - can't publish publicly) initiating establishing securing connection error have been 0x207 getting 0x607 a bit baffled, work on android (and ipad @ home using app). assume ms use d...
Read more