'Certificate types are not available' When creating computer certificate?
Solution 1
You are following the right steps (http://support.microsoft.com/kb/316898/en-us), but the error likely means that you either have no enterprise certificate authority (CA) in the domain, or the CA is not accepting new certificate requests for some reason. It may also be that your installed CA is not allowing generation of "Computer" certificate types. This can be checked in the CA configuration.
The solution depends on whether you already have an enterprise CA set up and configured. If not then you need to create one (there is guidance on the Microsoft technet site, but it's not trivial) or else use another way of generating self-signed SSL certificates such as one of the free downloadable tools.
Solution 2
in my setup i have 4 DCs and needed the certificate for LDAPS. i successfully created a certificate on the DCs that has the CA installed, but on the others i, like you, got the "Certificate types are not available" error.
the problem was that these DCs didn't trust the CA. i added the certificate to the trusted root CAs in the default domain policy, gpupdate on the DCs and it worked
Solution 3
I had the same problem manually requesting computer certificates although they worked automatically and there was no problem requesting user certificates.
I resolved the problem by changing IIS directory security settings to allow anonymous access for the PKI virtual directory only!
Related videos on Youtube
Gad82
Updated on September 17, 2022Comments
-
Gad82 over 1 year
Environment
Windows Server 2008 sp1 Xeon CPU E5430 @ 2.66 GHz 16.0 GB Ram 64-bit Operating System 1TB Disk Space
Server Role: SQL Server Other Information: Joint to domain, Logged in user domain administrator
Issue
Steps that cause issue:
Create a computer certificate using mmc snap-in 'certificates' by right clicking on 'Certificates' folder Under 'root\Personal' tree, and clicking All Tasks -> Request New Certificate. Certificate Enrollment window appears, you verify you are connected to your network and you are logged onto the domain. Then Click Next, which leads to a window stating the issue:
"Certificate types are not available"
"You cannot request a certificate this time because no certificate types are available. If you need a certificate contact your administrator."
Wanted Solution
Create a certificate on this server, to implement SSL connection to MSSQL servers.
-
Gad82 about 14 yearsI am trying to create a self signed certificate.... on the local computer... for use with SQL...
-
-
AnthonyK about 4 yearsHad the same issue as well. All I had to do was run
gpupdate /force
on the server where I was requesting a new certificate. Problem solved.