Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Cannot Issue a duplicate certificate

191 views
Skip to first unread message

David Delsouc

unread,
Aug 27, 2007, 10:36:01 AM8/27/07
to
Hello,

On a test computer, i try to implement a Certificate Authority with
AutoEnrollement.

I setup a CA on a test DC (Enterprise CA).
I"m going to "Manage Certificate Template". I use "Smart cart Certificate
template" to duplicate and Create "SmartCard2 template".

When I try to issue a the new Certificate Template, "SmartCard2 template"
isn't in the listbox.

Note : I Tried with other Certificate templates (Ex: User or EFS Basic) and
I got the same result. Of course, I tried this with the Enterprise Admin
Account.

I'm a PKI beginner, so can you help me please ?

Brian Komar

unread,
Aug 27, 2007, 12:19:56 PM8/27/07
to
The issuing CA must be running on Windows Server 2003, Enterprise Edition.
You are running Standard Edition. Only Enterprise Edition can issue
certificates based on version 2 certificate templates
Brian
"David Delsouc" <DavidD...@discussions.microsoft.com> wrote in message
news:75FE6C8F-2BF0-4A63...@microsoft.com...

David Delsouc

unread,
Aug 28, 2007, 3:24:10 AM8/28/07
to

"Brian Komar" <brian...@nospam.identit.ca> a écrit dans le message de
news: O%23mAoZM6...@TK2MSFTNGP03.phx.gbl...

> The issuing CA must be running on Windows Server 2003, Enterprise Edition.
> You are running Standard Edition. Only Enterprise Edition can issue
> certificates based on version 2 certificate templates
> Brian

OK, thank you. I'll try to install an Enterprise one.

David.


D. Bennett

unread,
Sep 14, 2007, 11:35:25 AM9/14/07
to
First... did you add the SmartCard2 template to the CA for issuing
(certsrv.msc, expand CA node, right click Templates node, and select add new
template for issuing... Then select your SmartCard2 template.

You indicated that you installed an Enterprise CA so that should be able to
issue a cert based off templates (not sure how Brian knows you are running a
Standard sku). You can verify your CA type by running certutil -cainfo on
your CA machine (or run certsrv.msc, expand the CA node... If you have a
Templates node then you are running an Enterprise CA).

"David Delsouc" <david....@wanadoo.fr> wrote in message
news:eWLBKQU6...@TK2MSFTNGP06.phx.gbl...

Paul Adare

unread,
Sep 15, 2007, 3:33:27 AM9/15/07
to
On Fri, 14 Sep 2007 08:35:25 -0700, D. Bennett wrote:

> First... did you add the SmartCard2 template to the CA for issuing
> (certsrv.msc, expand CA node, right click Templates node, and select add new
> template for issuing... Then select your SmartCard2 template.

If you'll reread the original post you'll see that David was trying to do
exactly this after duplicating the templates in question and the new
templates were not available to be selected.

>
> You indicated that you installed an Enterprise CA so that should be able to
> issue a cert based off templates (not sure how Brian knows you are running a
> Standard sku). You can verify your CA type by running certutil -cainfo on
> your CA machine (or run certsrv.msc, expand the CA node... If you have a
> Templates node then you are running an Enterprise CA).

Brian knew that he was running a Standard SKU because of the inability to
add the V2 templates that David created. An Enterprise CA cannot
necessarily issue certificates based on V2 templates. An Enterprise CA
simply means that the CA is a domain member. If said Enterprise CA is
running the Standard SKU as is the case here, it will still have a
templates node but will only be able to publish V1 templates.

--
Paul Adare
MVP - Virtual Machines
http://www.identit.ca
You forgot to do your backup 16 days ago. Tomorrow you will need that
version.

0 new messages