Certificate Server

The Microsoft Certificate Server is a standards-based, highly customizable server application for managing the creation, issuance, and renewal of digital certificates. Certificate Server generates certificates in standard X.509 format. These certificates are used for a number of public-key security and authentication applications including, but not limited to, server and client authentication under the Secure Sockets Layer (SSL) protocol and Secure/Multipurpose Internet Mail Extensions (S/MIME).

This update to Certificate Server includes:

Basic Installation of Certificate Server

The following instructions document how to install Certificate Server as a root certificate authority with the standard configuration options. For more comprehensive documentation of the full range of configuration options possible with the SP6 version of Certificate Server, including how to use it to build certificate hierarchies, please go to the Knowledge Base at http://support.microsoft.com/support/ and search for the KB article Q241011.

Note: Microsoft IIS 4.0 and IE 4.01 or later must be installed on the computer. Windows NT Service Pack 6 must also have been previously applied to the system. To install Certificate Server as a Root Certificate Authority, perform the following steps:

  1.  Select the Windows NT 4.0 Option Pack Set-up from the Start\Programs\Windows NT 4.0 Option Pack menu.

  2.  Click Next.

  3.  Click Add/Remove.

  4. In the Components list box, click Certificate Server. (Note: IIS must already be installed.)

  5. Click Next.

  6.  In the Microsoft Certificate Server Setup dialog box, type the fully qualified path of a directory in which configuration information will be placed; for example, c:\public.  If the directory does not exist, it will be created. If it is an existing directory, you can click Browse to find the directory name.

  7. Click Next.  The next dialog box allows you to input identifying information for this CA. Provide the information for each of the requested identifying items. 

    Item                 Information
    -------------------  -----------
    CA Name              This information is used to create the Distinguished Name (DN) that will be included in the Subject Name and Issuer Name fields of the X.509v3 certificate being created to represent this certificate authority. Note: Check the release notes for the valid characters to use for this field.
    Organization         Your company
    Organizational Unit  Your organizational unit
    Locality             Your locality
    State                Your state
    Country              Your country
    CA Description       An identifying comment

 

  8. Click Next. After a short time, a dialog box will appear prompting for the location of the Certsrv.cab file. The Certsrv.cab file you require is located on the Service Pack 6 CD in the \valueadd\certsrv\processor directory. Either browse to or type in the location of the directory containing the .cab file; for example, if the CD is the E: drive and you have an Intel processor, it would be E:\valueadd\certsrv\i386.

  9. Click OK.

  10. Click Finish.

Known Problems and Limitations

1. Be sure to consult the QFE update release at ftp://ftp.microsoft.com/bussys/iis/iis-public/fixes/usa/certserv.

2. Installing Certificate Server from the SP6 CD without applying SP6 first will result in the install error "msrevoke.dll is missing from the installation directory" because NTOP is using a setup file that is incompatible with the new Certificate Server. If you receive this error, click Cancel, exit the installation, and apply SP6 before installing again. SP6 updates the setup files needed to perform the new installation.

3. If, after installing Certificate Server, you are unable to access the Certificate Server log and queue from the administration Web pages due to an E78 database access error, you may have an IIS Virtual Directory Settings problem. Reapplying SP6 after installation of Certificate Server fixes this problem, or in IIS you can make sure that the application attribute for the Certificate Administration (CertAdm) folder in the default Web site is applied.
For detailed steps on how to apply the application attribute for the CertAdm folder in IIS, please go to the Knowledge Base at http://support.microsoft.com/support/ and search for the KB article Q241061.

4. If, after installing Certificate Server, the Certificate Authority service will not start, open the Event Viewer and look in the Application Log for the error:
Event ID: 17
Source: CertSvc
Description: "The Certificate Server did not start: Unable to initialize the database connection for <Your CA Name>. The error code is 0xffffffff."

If this error is present, you may not have the proper SystemDSN available for ODBC. For detailed steps on how to create the proper SystemDSN, please go to the Knowledge Base at http://support.microsoft.com/support/ and search for the KB article Q241060.