Certificate Not showing on the Web console

windows windows-server-2008 active-directory ssl-certificate certificate
50,476

The two most common problems I see with this are either permissions related or template version related.

The user logged into the certsrv site needs to have both Read and Enroll permissions on the certificate template. If they don't, it won't show up in the list of available templates.

Also when duplicating the template, you were likely asked what version to make it and given an option of "Windows Server 2003" or "Windows Server 2008". The certsrv web site is only compatible with the Windows Server 2003 based templates which I think corresponds to version 2. Ironically, this same limitation is present all the way through Windows Server 2012 R2. The certsrv site still can't use version 3 templates. Here's the related KB article as you found:

Version 3 (CNG) Templates Will Not Appear in Windows Server 2008 or Windows Server 2008 R2 Certificate Web Enrollment

Share:
50,476

Related videos on Youtube

Lex
Author by

Lex

Updated on September 18, 2022

Comments

  • Lex
    Lex over 1 year

    On a Windows 2008 R2, with an AD level of Windows 2008 R2 We need to create a cert to allow user/admin to enroll via the Web service page (https://CA/certsrv/)

    On CA, right-click Certificate template and select manage In the certificate template, we've created a duplicate of an existing cert, and configured it with a new name
    - The cert has domain computer with read/enroll permission
    - Supply in the request is selected
    I ran certutil -setCAtemplates to add it to the cert template

    On the web service page https://CA/certsrv > Request a certificate > Advanced certificate request > Create and submit a request to this CA, we only see a short list of certificate template

    Does anyone have idea to how to publish a cert to be shown on the web page? What step am I missing here

  • Lex
    Lex almost 8 years
    Thank you for your answer. Mine had the required permissions on it (read/enroll). I did see a pattern that only pre-2003 were listed. I've used the same process to duplicate another cert to validate my steps and set it to 2003 instead of 2008, and it did showed up. My issue with the certsrv site not show my certificate was infact related to version3 as you have suggested. I wouldn't have thought to look at compatibility without your answer. TY support.microsoft.com/en-us/kb/2015796
  • Ryan Bolger
    Ryan Bolger almost 8 years
    Man I knew there was a KB article for it. I just couldn't find it the when I looked. They should reallly update it to apply to 2012 and 2012 R2 as well.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Why add computers to Active directory domain?
How can I see all users of domain in this PC?
How to Get user info from different domain
Cannot open any applications on windows server 2008 R2 Standard edition
Getting ASN1 bad tag error when trying to complete certificate request in IIS7
Windows Server 2008 Domain alias for users to log on to?
Where are SSL certificates installed?
Does "User name may not be same as computer name" apply to active directory user names
Auto Enroll all servers for RDP certificate
Reset AD Domain Administrator Password