Cannot submit certificate requests to root CA

I'm aware this question has been asked before, but none of the solutions have helped me.

The reason I set up a CA was solely for the purpose of creating an SSTP VPN, so everything is all on one Server 2008 R2 host, the domain controller, the standalone root CA and the RRAS. I am also logged in as the built-in domain administrator.

When I first set it up, everything was working great, and I was able to request a 'Server authentication certificate' through the web enrolment at http:\\localhost\certsrv -> Request a certificate -> Advanced certificate request -> Create and submit a request to this CA

That was last year. Inevitably, the certificate expired, so I went to submit a new request. But, the link for Create and submit a request to this CA is now not available. When I click on Advanced certificate request, it takes me straight to the Create a certificate request by using a base-64-encoded CMC ... page.

If I try going to the address to create a new request: http://localhost/certsrv/certrqma, the page does load, but the CSP drop down box is stuck on Loading... and the hash algorithm drop down box is empty.

One solution for this was to ensure that I had scripting enabled, which I checked, and I do.

Instead of just re-building the server, I have created a virtual machine in hyper-v, which is set up in the same way (except I have increased the validity of the certificates to 99 years Lol), so that I still have an SSTP VPN to use, and hopefully we can figure out what's gone wrong with my original one.

The main question really is "Why would the 'Create and submit a request to this CA' link disappear?"


Solution 1:

If you're using IE, try experimenting with security zones, enhanced security configuration and compatibility mode. From memory, I am sure I've experienced your problem above, but it's a while ago...

...I seem to recall that an Active-X control needs to be able to execute to use web enrolment.