Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Tuesday, November 6, 2012 6:52 PM
I am getting this error when trying to request a cert from my CA
The requested certificate template is not supported by this CA. 0x80094800
Denied by Policy Module
the request was for a certificate template that is not supported by Active Directory Certificate services policy: xxxx
this is a duplicate template of an existing web server template
Thursday, November 8, 2012 9:19 AM ✅Answered | 1 vote
Most likely it is 'VMwareSSL'. Run 'certutil -CATemplates' command to list all available templates for each CA.
My weblog: http://en-us.sysadmins.lv
PowerShell PKI Module: http://pspki.codeplex.com
Check out new: PowerShell FCIV tool.
Saturday, November 10, 2012 2:24 PM ✅Answered
It all depends on:
1) Whether the org installed the certificate enrollment Web pages
2) Whether the org install the Web pages on the same server
There is no "usual" URL. The answer is depends.
For example, I almost *never* install it anymore. Much better ways to enroll certs out there
Brian
Tuesday, November 6, 2012 7:14 PM | 3 votes
did you added new template to CA for issuance? I guess -- not. Open Certification Authority MMC snap-in, select Certificate Templates node. In the Action menu, select New and Certificate Template To Issue.
My weblog: http://en-us.sysadmins.lv
PowerShell PKI Module: http://pspki.codeplex.com
Windows PKI reference: on TechNet wiki
Tuesday, November 6, 2012 9:27 PM
I am getting same error. I issued it and restarted the services but a request is still getting denied.
Tuesday, November 6, 2012 10:59 PM | 1 vote
then you are using wrong template name in the request.
My weblog: http://en-us.sysadmins.lv
PowerShell PKI Module: http://pspki.codeplex.com
Windows PKI reference: on TechNet wiki
Tuesday, November 6, 2012 11:59 PM
this is my request
certreq -submit -config "PA-PKI2\WSGR-PA-PKI2-CA" -attrib "CertificateTemplate:VMware SSL" rui.csr rui.crt
VMware SSL is the template I duplicated from web server template. web server template works
Wednesday, November 7, 2012 4:03 AM
Hi
How did you generate your request ?
You need to generate your request on the vmware host via openssl and after submit to the CA via the WebEnroll or via the certutil cmd
don't forget to supply the Template Name attribute
hope this will help.
Stef71
Wednesday, November 7, 2012 7:49 AM | 3 votes
this is my request
certreq -submit -config "PA-PKI2\WSGR-PA-PKI2-CA" -attrib "CertificateTemplate:VMware SSL" rui.csr rui.crt
VMware SSL is the template I duplicated from web server template. web server template works
As I said, you are using wrong template name. You must use template common name (which is 'VMwareSSL' without spaces), not display name.
My weblog: http://en-us.sysadmins.lv
PowerShell PKI Module: http://pspki.codeplex.com
Windows PKI reference: on TechNet wiki
Wednesday, November 7, 2012 10:49 PM
I did generate it on the vmware host. what is the url for web enroll?
instead of web enroll I used the above command instead
Wednesday, November 7, 2012 10:50 PM
how do i find out what is the template common name?
Saturday, November 10, 2012 1:45 AM
Thank you. you are right. there was no space. i appreciate it.
Saturday, November 10, 2012 2:20 AM
can you tell me what is usually the url for web enroll?
I tried
http://mypkiserver/Certsrv
but nothing