Friday, March 25, 2016

Cannot issue a certificate template on a Windows Server 2008 Certificate Authority

This time I am writing about an issue with "older brother" of Windows Server - Windows Server 2008.
One of my customers had an enterprise root CA on a Windows Server 2008 box. Nobody new who had installed it and very few certificates had been issued. But now it was necessary to create a custom certificate template and deploy it to workstations.
So I create the template and and wanted to issue it, but it didn't appear in the list when select New - Certificate Template To Issue in the Certificate Authority console.
I had heard that this could be due to AD replication delays, but there was no problems in AD, all domain controllers had replicated the template.
Finally I found out that this was an Enterprise Root CA installed on a Windows Server 2008 Standard edition and it is not possible to deploy custom templates in such scenario.
The solution was to create a new Windows Server 2012 R2 CA hierarchy this time.

No comments:

Post a Comment