Unable to request certificates via web enrollment

Hello Experts,

I’m having an issue when I try to request a certificate via my certificate authority’s web.  When I try to submit a certificate request from the web interface, I get the following message:

No certificate templates could be found.  You do not have permission to request a certificate from this CA, or an error occurred while accessing the Active Directory.

My environment is as follows:
-      I have a root domain (ABC.com) that really does not have anything in it.
-      I have a child domain (agency.ABC.com) – This is where all of my AD objects reside.
-      I have an offline root CA that is not part of any domain.
-      I have a subordinate CA that is a member of agency.ABC.com.

In troubleshooting the issue, I have done the following:
1.       I have made sure that the dNSHostName attribute on the subordinate CA and the sServerConfig value in the certdat.inc file match exactly.  


2.      On the certificate server, I created a new application pool and changed the application pool identity from ApplicationPoolIdentity to NetworkServices.  I did a reboot after this change.


3.      I made sure that the domain admins group of agency.ABC.com has the same rights in AD Sites and Services – Services – Public Key Services as the domain admin group of ABC.com


4.      I have verified rights on the certificate templates.

At this point, I’ve hit the max frustration level, so I thought I would reach out and see if I could find some help.  Any suggestions would be greatly appreciated.

Who is Participating?
ndalmolin_13Author Commented:
I went through the comments on the link provided above.  I did not have the SSL configured.  I configured that, but I'm still getting the same message.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.