Custom Templates, Server 2008 R2 CA Web Enrollment

Usually the issue is one or a combination of the following things below:

1) In certificate template Subject tab wasn’t switched to Supply in request.

2) The enrollment permissions on the certificate are incorrect.

3) The Template was created for a 2008 R2 CA, but the forest level is still on 2003. A 2008 Cert Template can only be selected if the CA is on a 2008 R2 Server, AND the forest level is at 2008 R2.

4) IE was not opened with elevated creds, even if logged in as a domain admin account, right click IE > run as Admin.

5) Last but not least, You have to add the template to the CA to allow it to be issued.
Open Certification Authority MMC snap-in, select Certificate Templates node. In the Action menu, select New and Certificate Template To Issue.

Enjoy signing certificates on your enterprise CA!

Jan 2018 Update

Even I’m not sure what the heck this post was about, but if my memory serves me correctly, it’s when you attempt to use a particular Certificate template in either the MMC snap-in or the CA’s web portal and find the certificate is not available from the drop down menu to be selected.

Kinda wish i would have referenced some of these claims, but I’ll take my own word for it. Haha 🙂

Leave a Reply

Your email address will not be published.