Unable to request certificates via web enrollment

Hello Experts,

I’m having an issue when I try to request a certificate via my certificate authority’s web.  When I try to submit a certificate request from the web interface, I get the following message:

No certificate templates could be found.  You do not have permission to request a certificate from this CA, or an error occurred while accessing the Active Directory.

My environment is as follows:
-      I have a root domain (ABC.com) that really does not have anything in it.
-      I have a child domain (agency.ABC.com) – This is where all of my AD objects reside.
-      I have an offline root CA that is not part of any domain.
-      I have a subordinate CA that is a member of agency.ABC.com.

In troubleshooting the issue, I have done the following:
1.       I have made sure that the dNSHostName attribute on the subordinate CA and the sServerConfig value in the certdat.inc file match exactly.  

https://support.microsoft.com/en-us/help/811418/no-certificate-templates-could-be-found-error-message-when-a-user-requ

2.      On the certificate server, I created a new application pool and changed the application pool identity from ApplicationPoolIdentity to NetworkServices.  I did a reboot after this change.

https://theadminsguide.net/2012/08/29/no-certificate-templates-could-be-found-you-do-not-have-permission-to-request-a-certificate-from-this-ca/

3.      I made sure that the domain admins group of agency.ABC.com has the same rights in AD Sites and Services – Services – Public Key Services as the domain admin group of ABC.com

http://terenceluk.blogspot.com/2012/02/new-windows-server-2008-r2-enterprise.html

4.      I have verified rights on the certificate templates.

At this point, I’ve hit the max frustration level, so I thought I would reach out and see if I could find some help.  Any suggestions would be greatly appreciated.

Thanks,
Nick
LVL 1
ndalmolin_13Asked:
Who is Participating?
 
ndalmolin_13Author Commented:
I went through the comments on the link provided above.  I did not have the SSL configured.  I configured that, but I'm still getting the same message.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.