Sometimes you need to create your own template for requesting certificates from a Windows CA, e.g., for encrypting or signing documents. When you request a certificate based on the new template for the first time, this task might fail.

The first issue you will probably encounter when using a custom template is that the template does not appear in the Active Directory registration policy at all. If you try to circumvent this problem by selecting the Show all templates checkbox, the new template will be displayed, but with a status of Unavailable.

If you want to issue a certificate based on the new template, you will not find the template in the list

If you want to issue a certificate based on the new template, you will not find the template in the list

The description you will find there reads:

The requested certificate template is not supported by this CA.

A valid certification authority (CA) configured to issue certificates based on this template cannot be located, or the CA does not support this operation, or the CA is not trusted.

To solve this problem, open certsrv.msc. In the left pane, right-click Certificate Templates and select New > Certificate Template to Issue.

Issue the new template via certsrv.msc

Issue the new template via certsrv.msc

The list that appears should contain the new template. Select the new template and click OK to confirm.

Subscribe to 4sysops newsletter!

Selecting the template to be issued by the certificate authority

Selecting the template to be issued by the certificate authority

The next time you attempt to request a certificate in certmgr.msc, the template should be visible and available.

avatar
0 Comments

Leave a reply

Your email address will not be published.

*

© 4sysops 2006 - 2023

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account