Solved

Certificate Templates not showing up

Posted on 2010-08-31
Last Modified: 2012-05-10
I have an issue when trying to create a new Cert. template in my environment.

I have the following:
An offline Root CA running Srv2008 Ent. (ORCA001)
A subordinate Enterprise CA running Server 2008 Ent. (SUBCA001)

If I log on to SUBCA001, open pkiview.msc, open the templates and Duplicate ANY template, I am able to build the template, change values in the template and save the template.
If I wait for replication, I can see the new template on another writeable DC.

However, when I go to http://subca001/certsrv, 'request a certificate', 'advanced certificate request', 'Create and submit a request to this CA' the new template is NOT in the Template Drop-Down list.

Anyone have an idea as to what is going on?

Question by:TexasPlowBoy
3 Comments
 

Expert Comment

by:Krzysztof Pytko
What kind of template did you set up? On the enrollment web page you can see only a few defined certificates. If it is something out of the "standard" ones, you should open the MMC console, add the "Certificate Templates" snap-in and select the main node. Then right-click it and choose "View Object Identifiers", find the entry you are interested in and copy or write down its OID. Open the web enrollment page, choose the advanced options for a new certificate, select the "other" type and put that OID in the box. Then you can approve that certificate in the CA console.

Accepted Solution

by:
Paranormastic earned 500 total points
Sanity check - did you issue the template to the CA after creating it?  To check, go into the Certification Authorities MMC (certsrv.msc) and check the Certificate Templates folder here (not the Certificate Templates MMC).  If it is not there then right-click the Certificate Templates folder and issue the template(s) that you are looking for.

Next thing to check is permissions on the template itself.  You can right-click the Certificate Templates folder - Manage to open the Certificate Templates MMC (certtmpl.msc) to view the properties to check permissions.  Make sure your account has at least read and enroll rights.

If we're still looking good, then check the Extensions tab and view the Certificate Template Information listing and see if the Subject Type: listed in the bottom part of the window is Computer or User.  For what you are trying to do you need this to be User.  If it is a Computer template then you need to open the Certificates MMC snap-in under the Local Computer context and request the cert from the Personal - Certificates folder here so that it will use the computer's credentials.

Another thing to check is on the Subject Name tab - you might try selecting to Supply in Request instead of pull from AD if you are using the web page.

You are able to view other templates, correct?  Check to see what OS compatibility is listed in Certificate Templates MMC - it may be that you need to upgrade your AD forest functional level to support the template type (e.g. you need AD forest level to support a 2008 template) - if you are still at 2003 forest then you need to create the template as being 2003 compatible, even if your CA is 2008.
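
The checks from the accepted answer can also be read straight from the CA and from the template object in Active Directory. The script below is an added example and not part of the original thread; `MyWebTemplate` is a placeholder for the template's CN, and it assumes it is run in PowerShell on the issuing CA by an account that can read the Configuration partition.

```powershell
# Added diagnostic sketch (not from the thread). Run on the issuing CA.
$TemplateName = 'MyWebTemplate'   # placeholder: the template's CN, not its display name

# 1. Is the template issued on this CA? certutil -CATemplates prints "<CN>: <display name> ...".
$issued = @(certutil -CATemplates) -match ('^' + [regex]::Escape($TemplateName) + ':')

# 2. Read the template object from the Configuration partition.
$configNC = ([ADSI]'LDAP://RootDSE').configurationNamingContext
$dn = "CN=$TemplateName,CN=Certificate Templates,CN=Public Key Services,CN=Services,$configNC"
if (-not [System.DirectoryServices.DirectoryEntry]::Exists("LDAP://$dn")) {
    throw "Template '$TemplateName' not found in AD (check the CN and replication)."
}
$tmpl     = [ADSI]"LDAP://$dn"
$props    = $tmpl.psbase.Properties
$flags    = [int]$props['flags'].Value                        # 0x40 = machine (Computer) template
$nameFlag = [int]$props['msPKI-Certificate-Name-Flag'].Value  # 0x1  = subject supplied in request
$schema   = $props['msPKI-Template-Schema-Version'].Value     # template version (compatibility)

# 3. Which principals are allowed the Enroll extended right on the template?
#    (Only Enroll is checked here; Read is a separate right.)
$enrollGuid = [guid]'0e10c968-78fb-11d2-90d4-00c04f79dc55'    # Certificate-Enrollment
$extended   = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight
$rules = $tmpl.psbase.ObjectSecurity.GetAccessRules($true, $true,
             [System.Security.Principal.NTAccount])
$enrollers = $rules | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    ($_.ActiveDirectoryRights -band $extended) -and
    ($_.ObjectType -eq $enrollGuid -or $_.ObjectType -eq [guid]::Empty)
} | ForEach-Object { $_.IdentityReference.Value } | Sort-Object -Unique

# Report. Supply in request lets the requester choose the subject name,
# so review the Enroll list closely for templates that have it set.
"Issued on this CA : $($issued.Count -gt 0)"
"Subject type      : " + $(if ($flags -band 0x40) { 'Computer' } else { 'User' })
"Subject name      : " + $(if ($nameFlag -band 0x1) { 'Supply in request' } else { 'Built from AD' })
"Schema version    : $schema"
"Enroll allowed for: $($enrollers -join ', ')"
```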