Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Certificate Templates not showing up

Posted on 2010-08-31
3
Medium Priority
?
22,801 Views
Last Modified: 2012-05-10
I have an issue when trying to create a new Cert. template in my enviornment.

I have the following:
An offline Root CA running Srv2008 Ent. (ORCA001)
A subordinate Enterprise CA running Server 2008 Ent. (SUBCA001)

If I logon to SUBCA001, open pkiview.msc, open the templates and Duplicate ANY template, I am able to build the template, change values in the template and save the template.
If I wait for replication, I can see the new template on another writeable DC.

However, when I go to http://subca001/certsrv, 'request a certificate', 'advanced certificate request', 'Create and submit a request to this CA' the new template is NOT in the Template Drop-Down list.

Anyone have an idea as to what is going on?

0
Comment
Question by:TexasPlowBoy
3 Comments
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33574121
What kind of template do you set up? On enrollment web page you can see only few defined certificates. If it is something out of "standard" you should open mmc console and add "Certificates Template" snap-in and select main node. Then click right mouse button on it and choose "View Objects Identifiers" then find interesting entry and copy or write down OID for you. Run web enrollment page and chose advanced options of new certificate and select "other" type and put particular OID in the box. Then you can approve that certificate in CA console.
0
 
LVL 31

Accepted Solution

by:
Paranormastic earned 2000 total points
ID: 33650197
Sanity check - did you issue the template to the CA after creating it?  To check, go into the Certification Authorities MMC (certsrv.msc) and check the Certificate Templates folder here (not the Certificate Templates MMC).  If it is not there then right-click the Certificate Templates folder and issue the template(s) that you are looking for.

Next thing to check is permissions on the template itself.  You can right-click the Certificate Templates folder - Manage to open the Certificate Tempaltes MMC (certtmpl.msc) to view the properties to check permissions.  Make sure your account has at least read and enroll rights.  

If we're still looking good, then check the Extensions tab and view the Certificate Template Information listing and see if the Subject Type: listed in the bottom part of the window is Computer or User.  For what you are trying to do you need this to be User.  If it is a Computer template then you need to open the Certificates MMC snap-in under the Local Computer context and request the cert from the Personal - Certificates folder here so that it will use the computer's credentials.

Another thing to check is on the Subject Name tab - you might try selecting to Supply in Request instead of pull from AD if you are using the web page.

You are able to view other templates, correct?  Check to see what OS compatibility is listed in Certificate Templates MMC - it may be that you need to upgrade your AD forest functional level to support the template type (e.g. you need AD forest level to support a 2008 template) - if you are still at 2003 forest then you need to create the template as being 2003 compatible, even if your CA is 2008.
1

Featured Post

Lessons on Wi-Fi & Recommendations on KRACK

Simplicity and security can be a difficult  balance for any business to tackle. Join us on December 6th for a look at your company's biggest security gap. We will also address the most recent attack, "KRACK" and provide recommendations on how to secure your Wi-Fi network today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

What monsters are hiding in your child's room? In this article I will share with you a tech horror story that could happen to anyone, along with some tips on how you can prevent it from happening to you.
An overview of cyber security, cyber crime, and personal protection against hackers. Includes a brief summary of the Equifax breach and why everyone should be aware of it. Other subjects include: how cyber security has failed to advance with technol…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question