Why is PKI so hard? part 2
I promise, this one's shorter. It took me several hours to figure out, researching one alley or another, but here's the deal:
I wanted to request a certificate from the local certificate server, running Windows 2000 Server.
I logged on to http://site.example.com/CertSrv/, and followed the form to request a certificate, as I have done dozens of times before.
Then I go to the Certification Authority Administrative Tool, pull up Pending Requests, and make it Issue the certificate I've just requested.
Now I go back to http://site.example.com/CertSrv/, and I select "Check on a pending certificate request".
"You have no pending certificate requests." says the web page.
Okay, I must have done something wrong. Try again.
"You have no pending certificate requests." it tells me again.
Hours go by, as I try any number of different ways of issuing the certificate request.
Eventually a random DejaNews search brings me to an article describing the exact problem. It sounds stupid, but I try it and sure enough, I get my pending certificate request.
So, there's the answer - and if you're really good at "spot the difference" contests, you'll notice that the answer is in the case of "CertSrv" in http://site.example.com/CertSrv - if you type it like that, your check on a pending certificate request will fail.
"certsrv" must be all in lower case for this to work.
Once again, PKI is "hard" because the tools we are given have this kind of rubbish in them.