Certificate Not showing on the Web console
The two most common problems I see with this are either permissions related or template version related.
The user logged into the certsrv site needs to have both Read
and Enroll
permissions on the certificate template. If they don't, it won't show up in the list of available templates.
Also when duplicating the template, you were likely asked what version to make it and given an option of "Windows Server 2003" or "Windows Server 2008". The certsrv web site is only compatible with the Windows Server 2003 based templates which I think corresponds to version 2. Ironically, this same limitation is present all the way through Windows Server 2012 R2. The certsrv site still can't use version 3 templates. Here's the related KB article as you found:
Related videos on Youtube
Lex
Updated on September 18, 2022Comments
-
Lex over 1 year
On a Windows 2008 R2, with an AD level of Windows 2008 R2 We need to create a cert to allow user/admin to enroll via the Web service page (https://CA/certsrv/)
On CA, right-click Certificate template and select manage In the certificate template, we've created a duplicate of an existing cert, and configured it with a new name
- The cert has domain computer with read/enroll permission
- Supply in the request is selected
I ran certutil -setCAtemplates to add it to the cert templateOn the web service page https://CA/certsrv > Request a certificate > Advanced certificate request > Create and submit a request to this CA, we only see a short list of certificate template
Does anyone have idea to how to publish a cert to be shown on the web page? What step am I missing here
-
Lex almost 8 yearsThank you for your answer. Mine had the required permissions on it (read/enroll). I did see a pattern that only pre-2003 were listed. I've used the same process to duplicate another cert to validate my steps and set it to 2003 instead of 2008, and it did showed up. My issue with the certsrv site not show my certificate was infact related to version3 as you have suggested. I wouldn't have thought to look at compatibility without your answer. TY support.microsoft.com/en-us/kb/2015796
-
Ryan Bolger almost 8 yearsMan I knew there was a KB article for it. I just couldn't find it the when I looked. They should reallly update it to apply to 2012 and 2012 R2 as well.