Implementing an online responder (OCSP) often requires planning the firewall rules to be created on the network. The following is a list of the required firewall rules and any pitfalls.
Month: April 2020
Enabling Secure Sockets Layer (SSL) for Certificate Authority Web Enrollment (CAWE).
In the default configuration, Certificate Authority Web Enrollment (CAWE) accepts only unencrypted connections via HTTP. It is recommended that the CAWE be configured for HTTP over TLS (HTTPS) to make network traffic interception more difficult. Instructions are provided below.
Requesting certificates via the Certification Authority Web Enrollment (CAWE) takes a very long time
Assume the following scenario:
- A Certificate Authority Web Enrollment (CAWE) server is installed on the network.
- The role is installed on a separate server, not on the certification authority directly.
- A user attempts to request a certificate via the certification authority web enrollment or submit an existing certificate request to the certification authority.
- The process is successful, but the request takes a long time (up to several minutes).
Requesting certificates via Certificate Authority Web Enrollment (CAWE) fails with error code "RPC_S_SERVER_UNAVAILABLE".
Assume the following scenario:
- A Certificate Authority Web Enrollment (CAWE) server is installed on the network.
- The role is installed on a separate server, not on the certification authority directly.
- A user attempts to request a certificate via the certification authority web enrollment or submit an existing certificate request to the certification authority.
- The request fails with the following error message:
Your request failed. An error occurred while the server was processing your request. Contact your administrator for further assistance.
In the details of the error message you will find the following note:
CCertRequest::Submit: The RPC server is unavailable. 0x800706ba (WIN32: 1722 RPC_SERVER_UNAVAILABLE)
Required firewall rules for Certification Authority Web Enrollment (CAWE)
Implementing Certificate Authority Web Enrollment (CAWE) often requires planning the firewall rules to be created on the network. The following is a list of the required firewall rules and any pitfalls.
Requesting a certificate fails with the error message "You cannot request a certificate at this time because no certificate types are available."
Assume the following scenario:
- You try to apply for a certificate from an Active Directory-integrated certification authority (Enterprise Certification Authority).
- To do this, you use the Microsoft Management Console (MMC), either for the logged-in user (certmgr.msc) or for the computer (certlm.msc).
- The logged-in user also has the necessary permissions to request certificates from the certificate template in question (enroll).
- You don't get any certificate templates to choose from, even though they are correctly published on the certificate authorities.
- There is also no "Show hidden templates" option. This usually appears at the bottom left of the dialog.
- The following error message is displayed:
Certificate types are not available. You cannot request a certificate at this time because no certificate types are available. If you need a certificate, contact your administrator.
Publishing a certificate template on a CA fails with error message "The template information on the CA cannot be modified at this time. This is most likely because the CA service is not running or there are replication delays. Access is denied. 0x80070005 (WIN32: 5 ERROR_ACCESS_DENIED)".
Assume the following scenario:
- An administrator publishes a certificate template on a certificate authority.
- The operation fails with the following error message:
The template information on the CA cannot be modified at this time. This is most likely because the CA service is not running or there are replication delays. Access is denied. 0x80070005 (WIN32: 5 ERROR_ACCESS_DENIED)
Requesting certificates via Certificate Enrollment Web Service (CES) fails with error code "ERROR_INTERNET_NAME_NOT_RESOLVED".
Assume the following scenario:
- You try to request a certificate via a Certificate Enrollment Web Service (CEP) from an Active Directory-integrated certification authority (Enterprise Certification Authority).
- The operation fails with the following error message:
The name or address could not be resolved 0x80072ee7 (INet: 12007 ERROR_INTERNET_NAME_NOT_RESOLVED)
Requesting certificates via Certificate Enrollment Web Service (CES) fails with error code "ERROR_INTERNET_TIMEOUT".
Assume the following scenario:
- You try to request a certificate via a Certificate Enrollment Web Service (CEP) from an Active Directory-integrated certification authority (Enterprise Certification Authority).
- The operation fails with the following error message:
The operation timed out 0x80072ee2 (INet: 12002 ERROR_INTERNET_TIMEOUT)
Requesting certificates via Certificate Enrollment Web Service (CES) fails with error code "WS_E_ENDPOINT_FAILURE".
Assume the following scenario:
- You try to request a certificate via a Certificate Enrollment Web Service (CEP) from an Active Directory-integrated certification authority (Enterprise Certification Authority).
- The operation fails with the following error message:
The remote endpoint could not process the request. 0x803d000f (-2143485937 WS_E_ENDPOINT_FAILURE)
Certificate Enrollment Web Service (CES) request fails with error code "WS_E_INVALID_ENDPOINT_URL".
Assume the following scenario:
- You try to request a certificate via a Certificate Enrollment Web Service (CEP) from an Active Directory-integrated certification authority (Enterprise Certification Authority).
- The operation fails with the following error message:
Certificate Request Processor: The endpoint address URL is invalid. 0x803d0020 (-2143485920 WS_E_INVALID_ENDPOINT_URL)
Requesting certificates via Certificate Enrollment Web Service (CES) fails with error code "WS_E_ENDPOINT_UNREACHABLE".
Assume the following scenario:
- You try to request a certificate via a Certificate Enrollment Web Service (CEP) from an Active Directory-integrated certification authority (Enterprise Certification Authority).
- The operation fails with the following error message:
The remote endpoint was not reachable. 0x803d0010 (-2143485936 WS_E_ENDPOINT_UNREACHABLE)
Requesting certificates via Certificate Enrollment Web Service (CES) fails with error code "ERROR_WINHTTP_CANNOT_CONNECT".
Assume the following scenario:
- You try to request a certificate via a Certificate Enrollment Web Service (CEP) from an Active Directory-integrated certification authority (Enterprise Certification Authority).
- The operation fails with the following error message:
Certificate Request Processor: A connection with the server could not be established 0x80072efd (WinHttp: 12029 ERROR_WINHTTP_CANNOT_CONNECT)
Requesting certificates via Certificate Enrollment Web Service (CES) fails with error code "ERROR_WINHTTP_TIMEOUT".
Assume the following scenario:
- You try to request a certificate via a Certificate Enrollment Web Service (CEP) from an Active Directory-integrated certification authority (Enterprise Certification Authority).
- The operation fails with the following error message:
Certificate Request Processor: The operation timed out 0x80072ee2 (WinHttp: 12002 ERROR_WINHTTP_TIMEOUT)
Requesting certificates via Certificate Enrollment Web Service (CES) fails with error code "ERROR_WINHTTP_NAME_NOT_RESOLVED".
Assume the following scenario:
- You try to request a certificate via a Certificate Enrollment Web Service (CEP) from an Active Directory-integrated certification authority (Enterprise Certification Authority).
- The operation fails with the following error message:
Certificate Request Processor: The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)