Re: [Pki-users] Auto Enrollment Proxy for Windows with Dogtag CA?

Hi! Can anybody help me with the following question: Is it possible to use the _Auto Enrollment Proxy for Windows_ <http://directory.fedoraproject.org/wiki/Windows_Certificate_Auto_Enrollme... (AEP) with a Dogtag CA? More precisely: I setup a _Dogtag Certification Authority_ <http://pki.fedoraproject.org/wiki/PKI_Main_Page> on a computer running Fedora 13. It works fine through the webinterface that is provided with the Dogtag Sertificate System. I also setup AEP according to all the instructions found _here_ <http://directory.fedoraproject.org/wiki/Auto_Enroll_Documentation>;. I'm pretty sure that I did all the configurations needed in my Windows domain and the corresponding Active Directory. When I request a certificate from the domain controller (I request a certificate of the type 'Domain Controller', as described _here_ <http://directory.fedoraproject.org/wiki/HowTO:_Windows_Domain_Controller_...>), I can capture a fair amount of TCP traffic (with Wireshark) between the domain controller and the computer that is running the Dogtag CA on the correct port (default 9445). However, my Dogtag CA seems to reject the certificate signing requests (CSR) it receives from my Windows domain controller, the domain controller issues the error message "The certificate request cannot be created. The requested property value is empty". I know this error message does not really state what I observe, why would there be traffic on the wire, if the CSR has not even been created (Windows...). If I request a certificate from the command line, as described _here_ <http://directory.fedoraproject.org/wiki/Auto_Enroll_Enrollment>;, I get the error message "The parameter is incorrect. 0x80070057 (WIN32: 87)". I did not do any special AEP related configuration on my Dogtag CA, as _this_ <http://directory.fedoraproject.org/wiki/Auto_Enroll_RHCSConfiguration> page seems to be incomplete. Do I need to configure my Dogtag CA in any way for this to work or wouldn't it work at all (because a Dogtag CA might not really be a Red Hat Certificate System CA)? Thank you for your help! Thomas Peter _______________________________________________ Pki-users mailing list Pki-users(a)redhat.com https://www.redhat.com/mailman/listinfo/pki-users