I have Windos 2000 active directory domain in which I have installed Enterprise Subordinate CA and Enterprise Root on Windows server 2003. But the problem is with the enterprise root certificate which is not able to publish in the active directory as some client machines are getting SSL warning "the certificate cannot be verified up to a trusted certification authority". If i check the certification path then the root certificate is showing a red X and the status is "This CA Root certificate is not trusted because it is not in the Trusted Root Certification Authorities store." The option to "send request immediately to an online certification authority" is also grayed out in IIS. When I checked the application log then it was showing some warning which is listed below:
Event ID: 103
Source: CertSvc
Description: Certificate Services temporarily added the root certificate of certificate chain 0 to the downloaded Enterprise Root store. If this problem persists, publishing the root certificate to the Active Directory may be necessary.
Event ID: 103
Source: CertSvc
Description: Certificate Services could not publish a Certificate for request 2 to the following location on server dc1.channeladvisor.com: CN=DC ,OU=Domain Controllers,DC=mydomain,DC=com. Insufficient access rights to perform the operation. 0x80072098 (WIN32: 8344). ldap: 0x32: 00002098: SecErr: DSID-03150646, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0.
Any suggestions appreciated.
Bookmarks