[cisco-voip] Microsoft Certificate Authority? Certserv ?

Mike King me at mpking.com
Wed Jun 11 08:47:55 EDT 2014


Jason,

That first screen shot, can you repeat it with the Certification Path tab
selected?

Assuming they are using Microsoft CA, the  “Private RootCA” is
automatically published to every joined computer in the domain.  Every
computer that has the  “Private RootCA” cert, will automatically trust any
certificate issued by that CA.  The certificates published by that CA do
not need to go into active directory, nor do they need to be pushed to
every client.

>From the limited information you have, I'm guessing.
either the  “Private RootCA” they signed your cert with is not the  “Private
RootCA” they have published in Active Directory
or, the  “Private RootCA”is not being published by  Active Directory.


On Tue, Jun 10, 2014 at 8:27 PM, Jason Aarons (AM) <
jason.aarons at dimensiondata.com> wrote:

>  Is anyone a guru at Microsoft PKI in a Windows Domain and Pushing certs
> via GPO?
>
>
>
> A customer signed a CallManager Server Certificate with their  Private
> Domain Root CA.  They send me back the tomcat.cer and other need .cer  and
> the DomainRootCa.cer that chains them up.  I installed them all fine.
>
>
>
> After that  I go to any server webpage and I get a warning error in both
> IE and Firefox and application that it’s not trusted.
>
>
>
> Does the server certificates he signed need to get pushed to all the
> Windows 7 PCs via GPO ?  All the PCs supposedly already have the “Private
> RootCA” but we didn’t push anything else in AD.
>
>
>
> If I manually install his Private Domain Root CA into Windows 7 corporate
> image the problem goes away and it chains up.  In short the chaining up
> failing but I’m not clear why.
>
>
>
> Example screen shots
>
> Jabber client message after clicking on show;
>
>
>
>
>
> https://servername.fqnd.com for IMP
>
>
>
>
>
>
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20140611/dc9294b3/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 86253 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20140611/dc9294b3/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 18118 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20140611/dc9294b3/attachment-0001.png>


More information about the cisco-voip mailing list