deewave
asked on
Cannot request certificates
Hi
If I go on my http://CAservername/certsrv, and click on "Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file.", I get this error:
"No certificate templates could be found. You do not have permission to request a certificate from this CA, or an error occurred while accessing the Active Directory"
My CA server is a domain member (not a DC) Windows 2008 R2 server. Using the Certificate Template Console, all templates are present.
Thanks for helping,
Sebastien
If I go on my http://CAservername/certsrv, and click on "Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file.", I get this error:
"No certificate templates could be found. You do not have permission to request a certificate from this CA, or an error occurred while accessing the Active Directory"
My CA server is a domain member (not a DC) Windows 2008 R2 server. Using the Certificate Template Console, all templates are present.
Thanks for helping,
Sebastien
ASKER
Hi Steve
Thanks for the quick reply
I'm doing it as an administrator. I would use the Web Server template, but their is no template available in the drop-down list.
Yes I verified the permission for the template and I (administrator) do have the rights
In the Certification Authority snap-in, the template is listed
Thanks,
Sebastien
Thanks for the quick reply
I'm doing it as an administrator. I would use the Web Server template, but their is no template available in the drop-down list.
Yes I verified the permission for the template and I (administrator) do have the rights
In the Certification Authority snap-in, the template is listed
Thanks,
Sebastien
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I've rebooted the server, and now everything is fine!!??
Oh well... thanks for your help Steve.
Sebastien
Oh well... thanks for your help Steve.
Sebastien
Glad you got it working!
ASKER
I'll accept Steve's solution, because he did suggest to have a look at the Event Viewer ("Lastly, have you checked event viewer on the server for any errors that might be relevant?"). If I did, I'd have seen that my server was achy and needed a reboot.
Is there a specific template you're trying to use?
If you know the template you need, pull up the properties of that template in the Certificate Templates snap-in. On the security tab, confirm that the account you are using has permission to enroll a certificate with that template.
Regarding the last part: "Using the certificate template console, all templates are present" - The certificate templates console lists templates that exist on the server, but not all of those templates are necessarily available to be issued by the server. Check in the Certification Authority snap-in. Expand your server name, and select the Certificate Templates folder. Here you'll find a list of templates that the server can issue. If the template you need is not listed here, right click and select "New > Certificate Template to Issue". From there you can select a template from the templates that are listed in the certificate template snap-in.