Under some circumstances after installation Windows Enterprise Operating System and configuration of AD Certification Services as Enterprise CA, the CA Services still doesn’t allow publication of certificate templates in versions higher than V1. This is because of misconfiguration of registry entries, which determines type of CA installation as Standard.
The solution for this problem is proper setup of bit flag in the CA configuration. It can be done with following command:
1 | certutil -setreg ca\setupstatus +512 |
After registry update, there is necessity of restart CA service.
More over, there is possibility of manual edition of the templates list, which is used by CA for certificates enrollment. It is possible by edition of attribute
1 | certificateTemplates |
in object
1 | pKIEntrollmentService |
. These objects are available under following path
1 | CN=Internal Issuing CA,CN=Enrollment Services,CN=Public Key Services,CN=Services,CN=Configuration,DC=contonso,DC=lab |
Excellent goods from you, man. I have understand your stuff previous to and you’re just too fantastic.
I really like what you’ve acquired here, certainly like what
you are saying and the way in which you say it. You make it entertaining and you still care for to keep it smart.
I can not wait to read far more from you. This is really
a wonderful site.