Certificates - What am I missing?

To secure communication between my citrix server and its secure gateway in
the dmz it is recommend to use a server certificate. I have an internal
enterprise CA set up on a Windows 2003 server. When I go t0 the the web page
to request a certificate from the CA the options I have available are: User,
Administrator, EFS Recovery Agent, Basic EFS, Web Server, Exchange User, and
Exchage Signature Only. What am I missing? I'm confused about what type of
certificate I should be requesting.

Massimo
Wed Feb 02 10:22:24 CST 2005

"Brian Hesseling" <BrianHesseling@discussions.microsoft.com> ha scritto nel
messaggio news:E81C61EB-D6B1-45A4-8FC4-CD775B17AD6B@microsoft.com...

> What am I missing? I'm confused about what type of
> certificate I should be requesting.

Start the Certification Authority MMC and use it to enable the certificate
types you need.

Massimo

BrianHesseling
Wed Feb 02 11:05:15 CST 2005

I guess that is what I'm confused on. When the documentation says a "server"
certificate which one do they mean? When I look in the certificate authority
mmc it doesn't list a certificate type as "server".

"Massimo" wrote:

> "Brian Hesseling" <BrianHesseling@discussions.microsoft.com> ha scritto nel
> messaggio news:E81C61EB-D6B1-45A4-8FC4-CD775B17AD6B@microsoft.com...
>
> > What am I missing? I'm confused about what type of
> > certificate I should be requesting.
>
> Start the Certification Authority MMC and use it to enable the certificate
> types you need.
>
> Massimo
>
>

Brian
Wed Feb 02 11:09:34 CST 2005

In article <E81C61EB-D6B1-45A4-8FC4-CD775B17AD6B@microsoft.com>,
BrianHesseling@discussions.microsoft.com says...
> To secure communication between my citrix server and its secure gateway in
> the dmz it is recommend to use a server certificate. I have an internal
> enterprise CA set up on a Windows 2003 server. When I go t0 the the web page
> to request a certificate from the CA the options I have available are: User,
> Administrator, EFS Recovery Agent, Basic EFS, Web Server, Exchange User, and
> Exchage Signature Only. What am I missing? I'm confused about what type of
> certificate I should be requesting.
>
The WEb interface is not for requesting certificates for computers
(except for offline requests where the subject is provided in the
request).

Use the Certificates mmc console focused on the local machine to request
the certificate.
- Ensure that you have made the certificate template that you require in
the Certification Authority console.
- Ensure that permissions are set to allow the computer the Read and
Enroll permissions for the template (Certtmpl.msc).
- Ensure that you are logged on as a local administrator.

Brian

Steven
Wed Feb 02 23:42:43 CST 2005

If the certificate is going to be used for ipsec lt2p/ipsec client then you
could try to first enable the offline ipsec certificate in the CA Management
Console and then request that entering the computer name in the request and
being sure to save it to the computer store. A web server certificate is
used for server authentication, normally for websites for ssl. Other wise a
plain "computer" certificate is used for client/server authentication [ VPN
server] and can be requested via the mmc certificates snapin for the
computer by going to the personal folder/certificates, right clicking and
selecting all tasks - request certificate., . --- Steve



"Brian Hesseling" <BrianHesseling@discussions.microsoft.com> wrote in
message news:E81C61EB-D6B1-45A4-8FC4-CD775B17AD6B@microsoft.com...
> To secure communication between my citrix server and its secure gateway in
> the dmz it is recommend to use a server certificate. I have an internal
> enterprise CA set up on a Windows 2003 server. When I go t0 the the web
> page
> to request a certificate from the CA the options I have available are:
> User,
> Administrator, EFS Recovery Agent, Basic EFS, Web Server, Exchange User,
> and
> Exchage Signature Only. What am I missing? I'm confused about what type of
> certificate I should be requesting.