Re: Certificate Services

From: Shawn Corey [MSFT] (shawncor_at_online.microsoft.com)
Date: 01/27/04


Date: Mon, 26 Jan 2004 15:17:31 -0800

For enterprise CA's there must be a certificate template specified in either
the request itself or the attributes passed along when submitting the
request. If you are using the ICertRequest::Submit function for submitting
then you can add a string to the Attribute parameter that contains something
like "template:User", this will let the Enterprise CA know which template is
being requested. Alternately when you create the request you can include the
template attribute inside of it. A Standalone CA will ignore this attribute
but an Enterprise CA requires it.

-- 
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm
"Ben Skolmoski" <anonymous@discussions.microsoft.com> wrote in message
news:8E99CC11-A530-4868-A592-8657ED218432@microsoft.com...
> I am trying to post a CSR request to a windows 2003 Enterprise Root CA, I
can successfully post to the the ca, but my request fails every time with
the error that no certificate template information was supplied in the
request.  This same code works fine when posting to a Windows 2003 Stand
Alone Root CA.  Any information would be greatly apreciated.
>
> Thank You,
> Ben SKolmoski


Relevant Pages

  • Re: Enterprise vs Standalone CA
    ... > and read the necessary document and it looks like Enterprise is the way ... >> The enterprise CAs work closely with the AD. ... >> intervention for decisions of cert issuance, request ... It will issue only a handful of certs ...
    (microsoft.public.win2000.security)
  • Re: Requesting Computer Certificates
    ... You indeed have an Enterprise CA, ... Certificate ... Can you request a User ... check the DACLs on the Computer certificate template (in ...
    (microsoft.public.windows.server.security)
  • Re: How could my program support enterprise CA?
    ... You can look at ICertRequest Interface to submit request to the Enterprise ... After you get the certificate back you should install it in the user's ...
    (microsoft.public.platformsdk.security)
  • Re: Certificates Service: Web Enrollment Pages on another computer
    ... I am pretty sure that your problem is that since you are using an Enterprise CA, ... Web Enrollment Server needs to be a member of the domain in order to access AD and ... > Your request failed. ... An error occurred while the server was processing your ...
    (microsoft.public.win2000.security)
  • Re: Export PKCS #12 Format
    ... Is the request submitted to a Standalone CA or an Enterprise CA? ... snapin for the current user and not the CA snapin ... > I have tried using advanced request and marking the key as> exportable but when I try to export the key via the> Certificate Authority MMC as a PKCS #12 format the option> remains grayed out. ...
    (microsoft.public.win2000.security)