• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 196
  • Last Modified:

Microsoft Certificate Authority - New Template for VMware vSphere SSL Certificates

Unable to issue/enable new template. Newly created template does not appear.

http://kb.vmware.com/selfservice/search.do?cmd=displayKC&docType=kc&docTypeID=DT_KB_1_1&externalId=2062108

Doesn't appear to be an replication issue. All domain controllers have the newly created template. Adequate time has passed.

The newly created template is a duplicate of the default Web Server template with some modifications per VMware KB 2062108.

"Supply in the request" yes

"Enroll allow permissions" yes

Windows Server 2012 R2

Any and all input appreciated.

Thank you,

Caleb Meadows
0
CogentCoIT
Asked:
CogentCoIT
  • 4
  • 3
1 Solution
 
arnoldCommented:
What are you expecting, the web template is not available for auto enroll.

You can use the certsrv url to submit the csr for signature.

I guess I am missing what you are asking.
Replication has nothing to do with CA templates unless these DCs are subordinate/issuing CAs.
0
 
CogentCoITAuthor Commented:
Thank you for your prompt response Arnold. My apologies if I was not clear. Please see attached PDF document that includes screenshots.

After duplicating the Web Server template to create the VMware-SSL template including the modifications requested by VMware per:

http://kb.vmware.com/selfservice/search.do?cmd=displayKC&docType=kc&docTypeID=DT_KB_1_1&externalId=2062108

The newly created VMware-SSL template does not appear in the list to be enabled on the certificate authority.

In addition; the newly created VMware-SSL certificate is not an available template to choose from the certsrv url.

I'm following this article to issue Microsoft CA signed certificates to my VMware vSphere environment.

http://theithollow.com/2014/08/create-vmware-ssl-certificate-requests/#comment-22551
Experts-Exchange.pdf
0
 
arnoldCommented:
What name did you give this template?  
Might you have overwritten the default web server template?


If you go back to the certtemplate MMC, do you see the vmware template listed there?
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
CogentCoITAuthor Commented:
What name did you give this template?  VMware-SSL

Might you have overwritten the default web server template? Not a chance
0
 
arnoldCommented:
Is the template listed in the template creation interface?
Check the properties of the newly created template. Permissions.
Not sure what is  preventing it from being display, see if refreshing the list or loadin the certca mmc a new will reflect the newly created template in the manage section.
0
 
CogentCoITAuthor Commented:
Known bug/fix identified by Microsoft support:

From a domain controller; launch ADSIEdit.msc, then expand CN=Configuration | CN=Services | CN=Public Key Services | CN=Enrollment Services. Right click the CA in the right pane that you want to enroll from and click properties. Find the flags attribute; and verify that it is set to 10. If it isn't set to 10, then set it to 10 using ADSIedit.msc and allow for Active Directory replication to complete.
0
 
CogentCoITAuthor Commented:
Known bug however Microsoft has failed to publish a KB article in relation to this specific issue and fix.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now