lmace712
asked on
Unable to create 512 bit computer cert in MS Certificate Authority
I have spent over 2 hours trying to create a 512 bit cert for my dev engineers to use on BLE devices (Low Energy Bluetooth).
I have created the template and modified it every way I can think of but get these types of errors:
Certificate enrollment for Local system failed to enroll for a Computer512 certificate from PAD01.Awarepoint.com\PAD01 (The signature of the certificate cannot be verified. 0x80096004 (-2146869244)).
Certificate enrollment for Local system failed to enroll for a Computer512 certificate from PAD01.Awarepoint.com\PAD01 (Cannot archive private key. The certification authority is not configured for key archival. 0x8009400a (-2146877430)).
Active Directory Certificate Services could not process request 312 due to an error: Cannot archive private key. The certification authority is not configured for key archival. 0x8009400a (-2146877430). The request was for AWAREPOINT\PAD01$. Additional information: Error Archiving Private Key
I have read some blogs and tried to change the parameters of the CA and the template but no success.
I am not very adept at certs etc. Can anyone help on this?
CA is on Windows 2008 DC.
Soon 1024 will not be an option; 2048 is now the recommended min.
ASKER
it worked
On the tab, there are the following options:
Do the following when a certificate request includes a key archival:
o Do not archive the key
o Archive the key
Number of recovery agents to use: 0
To configure this you will need:
a) A Recovery agent account in AD.
b) A Recovery agent certificate template
c) Register new recovery agent with the server
d) Configure a cert template including key archival
e) Deploy new certs using new template
Press F1 for help on steps on how to do this.
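
A diagnostic for the 0x8009400a error quoted in the question, added here as an example and not posted by anyone in the thread: it reads the template object from Active Directory, reports whether the template asks for private key archival, and then shows how many recovery agent certificates the CA is set to use. It assumes the template's CN is Computer512 (the name in the error text) and that the final certutil call is run on the CA server itself.

```powershell
# Added example, not from the thread. Assumption: the template's CN is
# 'Computer512', the name shown in the enrollment errors.
param([string]$TemplateName = 'Computer512')

# Bit in msPKI-Private-Key-Flag that makes the client send its key for archival.
$CT_FLAG_REQUIRE_PRIVATE_KEY_ARCHIVAL = 0x1

# Either attribute can be absent on old (version 1) templates; treat that as 0.
function Get-IntProp($result, $name) {
    if ($result.Properties.Contains($name)) { [int]$result.Properties[$name][0] }
    else { 0 }
}

# Certificate templates are stored in the forest's Configuration partition.
$configNc = ([ADSI]'LDAP://RootDSE').configurationNamingContext
$base = "LDAP://CN=Certificate Templates,CN=Public Key Services,CN=Services,$configNc"

$searcher = New-Object System.DirectoryServices.DirectorySearcher
$searcher.SearchRoot = [ADSI]$base
$searcher.Filter = "(&(objectClass=pKICertificateTemplate)(cn=$TemplateName))"
foreach ($attr in 'mspki-private-key-flag', 'mspki-minimal-key-size') {
    [void]$searcher.PropertiesToLoad.Add($attr)
}

$hit = $searcher.FindOne()
if (-not $hit) { throw "Template '$TemplateName' not found under $base" }

$keyFlags = Get-IntProp $hit 'mspki-private-key-flag'
$archival = ($keyFlags -band $CT_FLAG_REQUIRE_PRIVATE_KEY_ARCHIVAL) -ne 0

New-Object PSObject -Property @{
    Template           = $TemplateName
    MinimalKeySize     = Get-IntProp $hit 'mspki-minimal-key-size'
    PrivateKeyFlags    = '0x{0:X8}' -f $keyFlags
    RequestsKeyArchive = $archival
}

if ($archival) {
    Write-Warning ("Template requests key archival. Enrollment fails with " +
        "0x8009400a unless the CA has a recovery agent configured.")
}

# Run on the CA server: number of recovery agent certificates the CA will use.
& certutil.exe -getreg 'CA\KRACertCount'
```

If RequestsKeyArchive is True while KRACertCount is 0, the template and the CA disagree in the way the error message describes.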