Re: Third party SSL requests

From: Mark Gamache (mark.gamache_at_css-security.com)
Date: 01/27/05


Date: Thu, 27 Jan 2005 09:36:32 -0800

You can also use the CA web interface to enter the request. In this case
you will select a template from a pull-down to apply to the request. This
has the same effect as certreq -attrib, except it keeps you from having to get
the syntax correct. However, this may alter the request to match the
template. I have been told that there is a reg key that will override the
application of the template, but I have yet to discover it.

-- 
Mark Gamache
Certified Security Solutions
<jakupovic@gmail.com> wrote in message 
news:1106796090.086366.45450@f14g2000cwb.googlegroups.com...
> Hi Andy,
>
> I think I may have the solution; this has worked for me using the
> keytool that comes with Java.  From the message you can gather that the
> request you submitted does not have a template entry after perusing
> through
> http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/advcert.mspx#EIAA
>
> I found that if you use the certreq utility with the -attrib switch you can
> use the certificate request you generated to make the CA issue the cert.
>
> The complete command that worked for me was
> certreq -Submit -attrib "Certificate Template Name: Web Server" myreq.csr output.der
>
> where myreq.csr is the request file generated with Java keytool.
>
> You can email me if this doesn't work.
>
> --elvis jakupovic
>
>
> Andy wrote:
>> I am trying to submit a request generated by openssl on a
>> unix machine.  I am currently using the Certificate
>> authority in windows 2003 enterprise.  I have the proper
>> file, but I get this warning:
>>
>> Denied by Policy Module  0x80094801, The request does not
>> contain a certificate template extension or the
>> CertificateTemplate request attribute.
>> The request contains no certificate template information.
>> 0x80094801 (-2146875391)
>>
>> That being said, how do I go about successfully submitting
>> the request?
> 
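
The error Andy quotes says the request carries neither a certificate template extension nor the CertificateTemplate attribute. As an added example (not part of the original thread), this script builds the request on the Unix side with the template name extension embedded and checks for it before submission. The OIDs, the template name WebServer, the subject www.example.test and the file names are assumptions, not values from the posts.

```sh
#!/bin/sh
# Added example, not from the thread. Assumed values: template name
# "WebServer", subject CN www.example.test, file names under a temp dir.

# DER encodings of the Microsoft template OIDs, as od(1) prints them.
V1_NAME='06 09 2b 06 01 04 01 82 37 14 02'   # 1.3.6.1.4.1.311.20.2 (template name)
V2_INFO='06 09 2b 06 01 04 01 82 37 15 07'   # 1.3.6.1.4.1.311.21.7 (template info)

# make_csr <dir> <template>: write <dir>/req.key and <dir>/req.csr.
# An empty <template> gives a plain request with no template information.
make_csr() {
    {
        printf '%s\n' '[req]' 'prompt = no' 'distinguished_name = dn'
        if [ -n "$2" ]; then printf '%s\n' 'req_extensions = ext'; fi
        printf '%s\n' '[dn]' 'CN = www.example.test'
        if [ -n "$2" ]; then
            # The extension value is the template name as a BMPString.
            printf '%s\n' '[ext]' "1.3.6.1.4.1.311.20.2 = ASN1:BMPSTRING:$2"
        fi
    } > "$1/req.cnf"
    openssl req -new -newkey rsa:2048 -nodes -config "$1/req.cnf" \
        -keyout "$1/req.key" -out "$1/req.csr" 2>/dev/null
}

# has_template <csr>: succeed if the request carries either template extension.
has_template() {
    openssl req -in "$1" -outform DER | od -An -v -tx1 | tr -d '\n' |
        grep -Eq "$V1_NAME|$V2_INFO"
}

# Demo: build both variants and report whether a template extension is present.
work=$(mktemp -d)
mkdir "$work/plain" "$work/tmpl"
make_csr "$work/plain" ''
make_csr "$work/tmpl" 'WebServer'
for d in plain tmpl; do
    if has_template "$work/$d/req.csr"; then
        echo "$d: template extension present"
    else
        echo "$d: no template extension in the request"
    fi
done
rm -rf "$work"
```

A request that fails this check can still be submitted with the -attrib switch described above, which supplies the template at submission time instead of inside the request.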

