Solved

Creating a Certificate Request with Tomcat 6 to be signed my our 2008 CA

Posted on 2011-09-26
1
1,087 Views
Last Modified: 2012-05-12
I am using the below Tomcat website to create a Certificate Signing Request for our Windows 2003 Web server running Tomcat 6.
http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html
I use the following 2 commands;

1.    keytool -genkey -alias tomcat -keyalg RSA \ -keystore <your_keystore_filename>
2.    keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr \ -keystore <your_keystore_filename>

It creates  a certreq.csr.

I then Open my Windows 2008 Certificate Services CA and select; All Tasks/Submit New Request
Then select my certreq.csr file.
It gives me this error;
"The request contains no certificate template information 0x80094801 (-2146875391) Denied by Policy Module, the request does not contain a certificate template extension or the certificate template request attribute".



 
   
0
Comment
Question by:lanman777
1 Comment
 
LVL 30

Accepted Solution

by:
Brad Howe earned 500 total points
Comment Utility
Hi,

Sounds like you have an Enterprise CA. it was the same setup with 2003.

ECA's (Enterprise CA) require templates where SCA's (Standalone CA) can be submited through certsrv.
http://support.microsoft.com/kb/910249/en-gb

Typically, ECA's are sent directly to the CA. Give this a shot from commandline on the ECA.

certreq -submit -attrib "CertificateTemplate:WebServer" certreq.csr

It should be in Pending for you to process afterwards.
Cheers,
Hades666
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Prologue It is often required to host multiple websites on a single instance of IIS, mostly in development environments instead of on production servers. I am sure it is not much a preferred solution on production servers but this is at least a pos…
If you don't have the right permissions set for your WordPress location in IIS, you won't be able to perform automatic updates. Here's how to fix the problem.
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now