question

mariusroma avatar image
0 Votes"
mariusroma asked FanFan-MSFT commented

Certification Authority Web Enrollment installation incomplete

I need to create a Standalone Certification authority on a Windows Server 2019 server member of a workgroup in my lab environment.
I installed Active Directory Certificate Services with
Certification Authority and Certification Authority Web Enrollment.
During setup I configured my CA and everything loos fine.
When I try to request a certificate I get several problems:
- I can access Certification Authority Web Enrollment only via http, not https, by entering http://<server fqdn>/certsrv

  • When I try to request a web browser certificate the page looks incomplete, and I don't see anything after "Key Strength."

  • If I try to submit my request anyway I get the following error:

Error

Your request failed. An error occurred while the server was processing your request.
Contact your administrator for further assistance.
Request Mode:
newreq NN - New Request (keygen)
Disposition:
(never set)
Disposition message:
(none)
Result:
Invalid pointer 0x80004003 (-2147467261 E_POINTER)
COM Error Info:
CCertRequest::Submit: Invalid pointer 0x80004003 (-2147467261 E_POINTER)
LastStatus:
The operation completed successfully. 0x0 (WIN32: 0)
Suggested Cause:
No suggestions.

It looks that the setup of the Certification Authority Web Enrollment is not complete.
Where can I locate detailed documentation about ALL the steps to install and configure a standalone CA and the Certification Authority Web Enrollment?
Regards
marius

79146-immagine.jpg


windows-server-2019
immagine.jpg (74.1 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

mariusroma avatar image
0 Votes"
mariusroma answered FanFan-MSFT commented

Many thanks for the answer and the pointer.
I repeated the setup more times, but each time I install the Certification Authority Web Enrollment the site is configured to be accessed only via http and does not work.
Is there any setting I should perform in IIS before installing the Certification Authority Web Enrollment site?
Regards
marius

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi,
I didn't perform anything before installing the Certification Authority Web Enrollment.
One point did the ca certificated was install in the servers which tried to request the certs?
Best Regards,

0 Votes 0 ·
FanFan-MSFT avatar image
1 Vote"
FanFan-MSFT answered

Hi,
In my lab , the CA is a windows 2016 server with the Certification Authority Web Enrollment installation .
When try to request a web browser certificate the page as:
79502-3183.jpg
I followed the steps to set up a stand alone CA in the following link (ignore other steps for enterprise CA):
https://social.technet.microsoft.com/wiki/contents/articles/15037.ad-cs-step-by-step-guide-two-tier-pki-hierarchy-deployment.aspx#Install_the_Standalone_Offline_Root_CA

And then i install the Certification Authority Web Enrollment role on the server, keep everything by default.



3183.jpg (61.2 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.