Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Creating a Certificate Request with Tomcat 6 to be signed my our 2008 CA

Posted on 2011-09-26
1
Medium Priority
?
1,155 Views
Last Modified: 2012-05-12
I am using the below Tomcat website to create a Certificate Signing Request for our Windows 2003 Web server running Tomcat 6.
http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html
I use the following 2 commands;

1.    keytool -genkey -alias tomcat -keyalg RSA \ -keystore <your_keystore_filename>
2.    keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr \ -keystore <your_keystore_filename>

It creates  a certreq.csr.

I then Open my Windows 2008 Certificate Services CA and select; All Tasks/Submit New Request
Then select my certreq.csr file.
It gives me this error;
"The request contains no certificate template information 0x80094801 (-2146875391) Denied by Policy Module, the request does not contain a certificate template extension or the certificate template request attribute".



 
   
0
Comment
Question by:lanman777
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 30

Accepted Solution

by:
Brad Howe earned 2000 total points
ID: 36601576
Hi,

Sounds like you have an Enterprise CA. it was the same setup with 2003.

ECA's (Enterprise CA) require templates where SCA's (Standalone CA) can be submited through certsrv.
http://support.microsoft.com/kb/910249/en-gb

Typically, ECA's are sent directly to the CA. Give this a shot from commandline on the ECA.

certreq -submit -attrib "CertificateTemplate:WebServer" certreq.csr

It should be in Pending for you to process afterwards.
Cheers,
Hades666
0

Featured Post

New benefit for Premium Members - Upgrade now!

Ready to get started with anonymous questions today? It's easy! Learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question