If nothing else, they will want proof that you own the domain, normally by you placing a text file somewhere on your website or updating a DNS record for your domain. You will not be able to do this for region.sch.uk so you need to get them to recognise school.region.sch.uk as your domain name.
Had no end of fun with this in the past with GoDaddy, repeatedly explaining that no I cannot put a text file on sch.uk.
No need for the panic. Basically the auto mailer system for the CA company pulls the standard domain which is area.sch.uk and uses that for its confirmation emails but when it comes to creating the actual cert which is checked by a human it would have come back with an whois error and they would have realised it was a UK school which needs school.area.sch.uk and the cert would have been created correctly.
That's what they have said, lets see if they do send the correct cert.
If someone did get *.la.sch.uk could they do any harm?
Ok, more help needed.
I have the certs and have imported the vpn.school.la.sch.uk.cer in to IIS.
The next thing the CA company have asked me to do is import a ips.CALEVEL1CA.crt. They say to do this by double clicking the file and selecting import then put it in Intermediate Certification Authorities folder, select the underlying Local Computer folder.
Firstly is this done on the IIS server?
If so, why when I do this do I not see a local compute folder. Even with physical store ticked I only get registry listed.
Is the following that I found on-line the same location as the above post issue? and will I be ok to follow this?
- Click on Start and then Run.
- In the Run window, type MMC in the Open: field and click on the OK button.
The Console1 window will appear.
- Click on File at the top and then select Add/Remove Snap-in... Alternatively, you can press Ctrl + M.
- In the Add/Remove Snap-in window, click on the Add... button at the bottom. This will open a third window named Add Standalone Snap-in.
- Scroll down in the Add Standalone Snap-in window and find the Certificatescomponent. Once found, highlight it and click on the Add button at the bottom. Alternatively, you can double-click on Certificates.
In a new window, you will be given 3 options for which account you want the certificates snap-in to manage.
- Select the Computer account radio button and click on the Next button.
- At the next screen, click on the Finish button.
That's fine to follow that - it's just displaying your certificates in a snap-in, not changing anything on your machine at all. Once you have that open you can go into the Intermediate CA folder, into the Certificates sub-folder, right click in the right hand pane and choose All Tasks > Import. Then just follow the wizard.
Originally Posted by edutech4schools
I'm not definite on this but I suspect that you need to import that into your domain computers (can be done by GPO), as it's part of the certification chain. Someone more definite than me can confirm or deny for you, though!
I also have a third cert ipsCAGlobal.crt which not to sure about.
ok the third cert is already in the trusted CA folder.