Microsoft Certificate Authority - New Template for VMware vSphere SSL Certificates

Unable to issue/enable new template. Newly created template does not appear.

http://kb.vmware.com/selfservice/search.do?cmd=displayKC&docType=kc&docTypeID=DT_KB_1_1&externalId=2062108

Doesn't appear to be an replication issue. All domain controllers have the newly created template. Adequate time has passed.

The newly created template is a duplicate of the default Web Server template with some modifications per VMware KB 2062108.

"Supply in the request" yes

"Enroll allow permissions" yes

Windows Server 2012 R2

Any and all input appreciated.

Thank you,

Caleb Meadows
CogentCoITAsked:
Who is Participating?
 
CogentCoITConnect With a Mentor Author Commented:
Known bug/fix identified by Microsoft support:

From a domain controller; launch ADSIEdit.msc, then expand CN=Configuration | CN=Services | CN=Public Key Services | CN=Enrollment Services. Right click the CA in the right pane that you want to enroll from and click properties. Find the flags attribute; and verify that it is set to 10. If it isn't set to 10, then set it to 10 using ADSIedit.msc and allow for Active Directory replication to complete.
0
 
arnoldCommented:
What are you expecting, the web template is not available for auto enroll.

You can use the certsrv url to submit the csr for signature.

I guess I am missing what you are asking.
Replication has nothing to do with CA templates unless these DCs are subordinate/issuing CAs.
0
 
CogentCoITAuthor Commented:
Thank you for your prompt response Arnold. My apologies if I was not clear. Please see attached PDF document that includes screenshots.

After duplicating the Web Server template to create the VMware-SSL template including the modifications requested by VMware per:

http://kb.vmware.com/selfservice/search.do?cmd=displayKC&docType=kc&docTypeID=DT_KB_1_1&externalId=2062108

The newly created VMware-SSL template does not appear in the list to be enabled on the certificate authority.

In addition; the newly created VMware-SSL certificate is not an available template to choose from the certsrv url.

I'm following this article to issue Microsoft CA signed certificates to my VMware vSphere environment.

http://theithollow.com/2014/08/create-vmware-ssl-certificate-requests/#comment-22551
Experts-Exchange.pdf
0
Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
arnoldCommented:
What name did you give this template?  
Might you have overwritten the default web server template?


If you go back to the certtemplate MMC, do you see the vmware template listed there?
0
 
CogentCoITAuthor Commented:
What name did you give this template?  VMware-SSL

Might you have overwritten the default web server template? Not a chance
0
 
arnoldCommented:
Is the template listed in the template creation interface?
Check the properties of the newly created template. Permissions.
Not sure what is  preventing it from being display, see if refreshing the list or loadin the certca mmc a new will reflect the newly created template in the manage section.
0
 
CogentCoITAuthor Commented:
Known bug however Microsoft has failed to publish a KB article in relation to this specific issue and fix.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.