'Certificate types are not available' When creating computer certificate?

Solution 1

You are following the right steps (http://support.microsoft.com/kb/316898/en-us), but the error likely means that you either have no enterprise certificate authority (CA) in the domain, or the CA is not accepting new certificate requests for some reason. It may also be that your installed CA is not allowing generation of "Computer" certificate types. This can be checked in the CA configuration.

The solution depends on whether you already have an enterprise CA set up and configured. If not then you need to create one (there is guidance on the Microsoft technet site, but it's not trivial) or else use another way of generating self-signed SSL certificates such as one of the free downloadable tools.

Solution 2

in my setup i have 4 DCs and needed the certificate for LDAPS. i successfully created a certificate on the DCs that has the CA installed, but on the others i, like you, got the "Certificate types are not available" error.

the problem was that these DCs didn't trust the CA. i added the certificate to the trusted root CAs in the default domain policy, gpupdate on the DCs and it worked

Solution 3

I had the same problem manually requesting computer certificates although they worked automatically and there was no problem requesting user certificates.

I resolved the problem by changing IIS directory security settings to allow anonymous access for the PKI virtual directory only!

Related videos on Youtube

23 : 31

How to fix certificate errors in Exchange 2010 2013

Robert McMillen

56

09 : 58

03. Set Up Automatic Computer Certificate Enrollment in Windows Server 2019

MSFT WebCast

28

09 : 43

Cấu hình Certificate trên Windows server 2012 R2

microsoft lab

5

03 : 10

Khắc phục lỗi Failed to validate certificate.

Tài Chính Kế Toán

4

05 : 21

Working with certificate templates

David Dalton

1

Author by

Gad82

Updated on September 17, 2022