01-02-2014 06:03 AM
First, happy new year to all.
Hope someone can help me out.
About six months ago we have configured SCEP for BB10 successfully.
This was working since the RA-Certificates on the CA were vaild.
Since middle of december 2013 SCEP is not working anymore because the RA-Certificates on the CA are expired.
And I am unable to renew these.
It gives me an error that I have not permissions to use the templates like: "You do not have permissions on the certificate template..."
When I check the Security Tab of the Certificate Template I do have the read, write and enroll rights.
These certifcates must be created during the installation (enabling) of the NDES feature on the CA automatically.
The questions is how can I renew these certificates.
Do I need to uninstall the NDES Feature and install it again?
Or is there any other way how to renew these certificates?
You can find these certificates on the Personal Store on your CA(or where NDES is running).
Thanks in advance,
Solved! Go to Solution.
01-02-2014 09:43 AM
We could solve the issue:
to request and install CEP Encryption Certificate and Exchange Enrollment CertificateLog on NDES-Service-Account, visit http://<servername>/certsrv, choose Request a certificate, click advanced certificate request, click Create and submit a request to this CA.Choose Exchange Enrollment Certificate, type some basic information, click Submit. Continue and install the certificate.Repeat to request and install CEP Encryption Certificate.Open MMC. Click File menu, click Add/Remove Snap-in button, click Certificate, click Add, choose Local Computer, click Add again, choose current User, click OK.Open Personal certificates of Current User, move new Exchange Enrollment Certificate and CEP Encryption Certificate to Personal certificate of Local Computer.Run " iisreset" to reset IIS. Try to visit http://<servername>/certsrv/mscep_admin and http://<servername>/certsrv/mscep.
or see chapter:Renewing Service Certificates