You cannot have a Version 2 custom template of Type Minimum Windows 2008 Supported CA to be Available via Web Enrollment in Windows 2008
This article has been archived. It is offered "as is" and will no longer be updated.
Source: Microsoft Support
RAPID PUBLISHING ARTICLES PROVIDE INFORMATION DIRECTLY FROM WITHIN THE MICROSOFT SUPPORT ORGANIZATION. THE INFORMATION CONTAINED HEREIN IS CREATED IN RESPONSE TO EMERGING OR UNIQUE TOPICS, OR IS INTENDED SUPPLEMENT OTHER KNOWLEDGE BASE INFORMATION.
In Windows 2008, when you duplicate a template, you have an option to select the minimum supported CA. (Windows 2003 Enterprise or Windows 2008). If you want to use Web Enrollment to request the certificate based on a Custom Template created in the Certificate Authority running on Windows 2008, then you would have to create the custom template with Minimum supported CA as Windows 2003 Enterprise.
To Publish a Custom Certificate via Web Enrollment, we need to do the following.
- Go to Run and type certtmpl.msc which will open the certificate template manager.
- Create a Duplicate Template of the available templates from Certificate Template Manager by right click the existing template and select Duplicate Template. Select Windows 2003 Enterprise as Minimum Supported CA.
- Edit the Copy of the Template certificate template by viewing the Properties. You can provide a custom Name, validity and select "Publish certificate in Active Directory"
- On the Security tab, select Authenticated Users and click to select the Allow for Read and Enroll check box. You can also use a custom security group to whome you want to give this functionality.
- On the Request Handling tab, place a check next to Allow private key to be exported.
- On the Subject Name tab, click the radio button which states Supply in the request.
- Go to the Certificate Authority Snap in and right-click Certificate Templates folder. Point to New and then click Certificate Template to Issue.
- Select the new custom template and click OK.
- Restart the CA service.
- From the server which needs the certificate open the web page http://servername/certsrv and do a Advance Certificate Request. The custom V2 certificate template should be available in the drop dow now.
- Enter the FQDN of the server getting the certificate as the Subject.
- Make sure the certificate private key is exportable and complete the request.
Templates Created for Windows 2008 Minimum CA level cannot be used for Web Enrollment
MICROSOFT AND/OR ITS SUPPLIERS MAKE NO REPRESENTATIONS OR WARRANTIES ABOUT THE SUITABILITY, RELIABILITY OR ACCURACY OF THE INFORMATION CONTAINED IN THE DOCUMENTS AND RELATED GRAPHICS PUBLISHED ON THIS WEBSITE (THE “MATERIALS”) FOR ANY PURPOSE. THE MATERIALS MAY INCLUDE TECHNICAL INACCURACIES OR TYPOGRAPHICAL ERRORS AND MAY BE REVISED AT ANY TIME WITHOUT NOTICE.
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, MICROSOFT AND/OR ITS SUPPLIERS DISCLAIM AND EXCLUDE ALL REPRESENTATIONS, WARRANTIES, AND CONDITIONS WHETHER EXPRESS, IMPLIED OR STATUTORY, INCLUDING BUT NOT LIMITED TO REPRESENTATIONS, WARRANTIES, OR CONDITIONS OF TITLE, NON INFRINGEMENT, SATISFACTORY CONDITION OR QUALITY, MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, WITH RESPECT TO THE MATERIALS.
Article ID: 969198 - Last Review: 01/15/2015 16:41:45 - Revision: 1.0
Windows Server 2008 Datacenter, Windows Server 2008 Enterprise, Windows Server 2008 Standard
- kbnosurvey kbarchive kbrapidpub kbnomt KB969198