Create Certificate Request

Aaron 21 Reputation points
2021-09-11T13:01:45.393+00:00

I have the following set up:

  1. Single Root CA installed as Enterprise on Server 2016
  2. Two DC's - Server 2012R2
  3. IIS Web Server
  4. NPS / Radius Server

My goal is to ultimately set up 802.1X using the NPS/Radius, however I am testing the certificates using the IIS Web server.

When I generate the "Create Certificate Request" from the IIS Web Server per these instructions:
https://www.tutorialsteacher.com/https/certificate-signing-request

However when I navigate to the CA's certsrv page to request the signing of the certificate nothing happens when I click the submit button.

My user credentials have domain admin and enterprise admin rights.

I am using selecting the WebServer template.

All services on the CA are running.

Is this a permissions issue or am I not doing this correctly?

Windows Server Security
Windows Server Security
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
1,425 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Vadims Podāns 8,561 Reputation points MVP
    2021-09-13T07:15:08.403+00:00

    You used wrong guide/article, it is long ago outdated and shall be avoided.

    For IIS stuff, I no longer recommend to use IIS Manager to generate requests, because its functionality is limited and outdated. Instead, you should use Certificates MMC snap-in, for example as outlined in my weblog: Web server certificate enrollment with SAN extension. One thing you should consider -- you MUST specify Subject Alternative Names extension, otherwise neither of modern browsers would trust your certificates. And forget about any article that mentions enrollment web pages, it is dead and any article that mentions them is dead too.

    NPS/Radius is another beast and uses different approach, which is much simpler: you can use certificate autoenrollment to automatically request and renew NPS certificates.

    0 comments
  2. Aaron 21 Reputation points
    2021-09-14T14:05:21.48+00:00

    Interesting.

    Ok so I see no issues with domain devices as I can use GPO to get them working.

    But what about non domain devices such as iPads which are managed by JAMF Pro?

    I have the 802.1x set up on a test SSID right now and both devices will connect manually, but when I try to automate this for the iPads it fails due to EAP issues per the NPS event logs.

    I was using this article below which refers to SCEP.

    My goal is to have the iPads connect to the 802.1x with no user interaction but a password. The user account is a member of AD, but obviously the iPad is not.

    https://docs.jamf.com/technical-papers/jamf-pro/8021x/10.0.0/Overview.html

    0 comments