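I have a subordinate CA running on Windows 2016 Server. It had been issuing certificates until recently, and now I get an error when trying to submit a CSR:
The request contains no certificate template information. 0x80094901
(-2146875391 CERTSRV_E_NO_CERT_TYPE)
Denied by Policy Module 0x90094801,
The request does not contain a certificate template extension or the CertificationTemplate request attribute
Any help is greatly appreciated.
Edit:
When trying the suggestion at: https://www.ntweekly.com/2016/08/12/ca-error-when-requesting-certificate-from-mmc-using-a-scr-file/
Error: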
C:\Users\Administrator>certreq -submit -attrib "CertificateTemplate: Web Server" C:\Users\Administrator\Desktop\pfsense.txt
Active Directory Enrollment Policy
{8D5864DC-B4A0-44B3-8065-ECF209FA0A18}
ldap:
RequestId: 38
RequestId: "38"
Certificate not issued (Denied) Denied by Policy Module 0x80094800, The request was for a certificate template that is not supported by the Active Directory Certificate Services policy: Web Server.
The requested certificate template is not supported by this CA. 0x80094800 (-2146875392 CERTSRV_E_UNSUPPORTED_CERT_TYPE)
Certificate Request Processor: The requested certificate template is not supported by this CA. 0x80094800 (-2146875392 CERTSRV_E_UNSUPPORTED_CERT_TYPE)
Denied by Policy Module 0x80094800, The request was for a certificate template that is not supported by the Active Directory Certificate Services policy: Web Server.
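Web Server is a certificate template listed under Certificate Templates on the CA.
Answer 1
I spent an hour on this problem today, only to find that "Web Server" is not a valid template and that I should be using "WebServer". Argh!
Answer 2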
C:\Users\Administrator>certreq -submit -attrib "CertificateTemplate:WebServer" C:\Users\Administrator\Desktop\pfsense.csr
Active Directory Enrollment Policy
{8D5864DC-B4A0-44B3-8065-ECF209FA0A18}
ldap:
RequestId: 44
RequestId: "44"
Certificate retrieved(Issued) Issued The certificate validity period will be shorter than the WebServer Certificate Template specifies, because the template validity period is longer than the maximum certificate validity period allowed by the CA. Consider renewing the CA certificate, reducing the template validity period, or increasing the registry validity period.
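The difference between the two submissions above is the template's display name ("Web Server") versus its template name ("WebServer"). The following is an added example, not code from the original posts: it maps whatever name an operator has to the template name before building the certreq command line. The function names and `request.csr` are hypothetical, the sample text is constructed, and the `Name: Display Name -- status` line shape of `certutil -CATemplates` output is an assumption to check against your own CA.

```powershell
# Constructed sample. On a real CA, replace with:  $sample = certutil -CATemplates
$sample = @'
EFSRecovery: EFS Recovery Agent -- Auto-Enroll: Access is denied.
WebServer: Web Server -- Auto-Enroll: Access is denied.
SubCA: Subordinate Certification Authority -- Auto-Enroll: Access is denied.
CertUtil: -CATemplates command completed successfully.
'@ -split "`r?`n"

function ConvertFrom-CATemplateList {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        # Assumed shape: <TemplateName>: <Display Name> -- <enrollment status>
        # The trailing "CertUtil: ..." status line has no " -- " and is skipped.
        if ($line -match '^(?<Name>[^:\s]+):\s+(?<Display>.+?)\s+--\s') {
            [pscustomobject]@{ Name = $Matches.Name; DisplayName = $Matches.Display }
        }
    }
}

function Resolve-CATemplateName {
    param([string]$Requested, [object[]]$Templates)
    # A match on the template name wins; otherwise try the display name.
    $hit = $Templates | Where-Object { $_.Name -eq $Requested } | Select-Object -First 1
    if (-not $hit) {
        $hit = $Templates | Where-Object { $_.DisplayName -eq $Requested } |
            Select-Object -First 1
    }
    # Nothing matched: the CA would deny the request, so stop before submitting.
    if (-not $hit) { throw "Template '$Requested' is not published on this CA." }
    $hit.Name
}

$templates = ConvertFrom-CATemplateList -Lines $sample
$name = Resolve-CATemplateName -Requested 'Web Server' -Templates $templates

# Emit the command line with the resolved template name (no space after the colon).
"certreq -submit -attrib `"CertificateTemplate:$name`" request.csr"
```

With the constructed sample, the last line evaluates to the same `CertificateTemplate:WebServer` attribute used in Answer 2; a name that matches neither column raises an error instead of producing a request the policy module would deny.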