I’m having an issue when I try to request a certificate via my certificate authority’s web interface. When I try to submit a certificate request from the web interface, I get the following message:
No certificate templates could be found. You do not have permission to request a certificate from this CA, or an error occurred while accessing the Active Directory.
My environment is as follows:
- I have a root domain (ABC.com) that really does not have anything in it.
- I have a child domain (agency.ABC.com) – This is where all of my AD objects reside.
- I have an offline root CA that is not part of any domain.
- I have a subordinate CA that is a member of agency.ABC.com.
In troubleshooting the issue, I have done the following:
1. I have made sure that the dNSHostName attribute on the subordinate CA and the sServerConfig value in the certdat.inc file match exactly.
2. On the certificate server, I created a new application pool and changed the application pool identity from ApplicationPoolIdentity to NetworkServices. I did a reboot after this change.
3. I made sure that the domain admins group of agency.ABC.com has the same rights in AD Sites and Services – Services – Public Key Services as the domain admin group of ABC.com.
4. I have verified rights on the certificate templates.
At this point, I’ve hit the max frustration level, so I thought I would reach out and see if I could find some help. Any suggestions would be greatly appreciated.
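
The comparison described in step 1, as an added example that is not part of the original post: it reads sServerConfig from certdat.inc, looks up the matching pKIEnrollmentService object in the configuration partition, and reports whether the host names match exactly and how many templates that object publishes. The en-US path to certdat.inc and running it on the CA server as a domain account are assumptions.

```powershell
# Added example. Assumed default location of the web enrollment pages (en-US install).
$incPath = Join-Path $env:windir 'System32\certsrv\en-US\certdat.inc'

# sServerConfig has the form "<host>\<CA name>".
$hit = Select-String -Path $incPath -Pattern 'sServerConfig\s*=\s*"([^"]+)"' |
    Select-Object -First 1
if (-not $hit) { throw "sServerConfig not found in $incPath" }
$webHost, $webCa = $hit.Matches[0].Groups[1].Value -split '\\', 2

# Enrollment Services container in the forest-wide configuration partition.
$configNC = ([ADSI]'LDAP://RootDSE').configurationNamingContext
$base = [ADSI]"LDAP://CN=Enrollment Services,CN=Public Key Services,CN=Services,$configNC"
$filter = '(objectClass=pKIEnrollmentService)'
$searcher = New-Object System.DirectoryServices.DirectorySearcher -ArgumentList $base, $filter
foreach ($attr in 'cn', 'dnshostname', 'certificatetemplates') {
    [void]$searcher.PropertiesToLoad.Add($attr)
}

$found = $false
foreach ($entry in $searcher.FindAll()) {
    # Assumption: the CA name contains no characters that AD CS sanitizes,
    # so the object's cn equals the CA name stored in certdat.inc.
    $cn = [string]$entry.Properties['cn'][0]
    if ($cn -ne $webCa) { continue }
    $found = $true

    $vals = $entry.Properties['dnshostname']
    $adHost = if ($vals -and $vals.Count) { [string]$vals[0] } else { '' }

    [pscustomobject]@{
        CAName             = $cn
        CertdatHost        = $webHost
        ADdNSHostName      = $adHost
        ExactMatch         = ($adHost -ceq $webHost)   # case-sensitive comparison
        CaseInsensitive    = ($adHost -ieq $webHost)   # differs only by case if this is True
        PublishedTemplates = $entry.Properties['certificatetemplates'].Count
    }
}
if (-not $found) {
    Write-Warning "No pKIEnrollmentService object named '$webCa' is visible to this account."
}
```

A PublishedTemplates value of 0, or the warning, means the account running the check sees no enrollment service or no templates in the directory, independent of the host-name comparison.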