Cannot find the certificate template

https://blog.csdn.net/weixin_34109408/article/details/92098655

https://blog.51cto.com/donex/616786

 

 

Symptom:


When a user tries to use the Web enrollment pages to request a certificate from an issuing certification authority (CA), the user may receive the following error message:

No certificate templates could be found. You do not have permission to request a certificate from this CA, or an error occurred while accessing the Active Directory.

This behavior can occur if the Web enrollment pages are on an enterprise CA server in an Active Directory domain. It occurs whether the Web enrollment pages are on the same server as the CA or on a different member server.

Cause:


The CA Web enrollment pages perform a case-sensitive string comparison of two values. One value is the sServerConfig value in the Certdat.inc file in the %systemroot%\System32\Certsrv folder on the CA, and the other is the dNSHostName attribute on the pkiEnrollmentService object in Active Directory. If the two strings do not match, including in case, enrollment fails.

Solution:


To correct this problem, follow these steps:

  1. View the dNSHostName attribute on the pkiEnrollmentService object in Active Directory. This object is in the following location:
    CN=CertificateServer,CN=Enrollment Services,CN=Public Key Services,CN=Services,CN=Configuration,DC=MyDomain,DC=com
    To access the dNSHostName attribute, use ADSIEdit.msc or LDP.exe.
  2. Edit the Certdat.inc file so that the sServerConfig value equals the dNSHostName attribute followed by the certification authority name.
    Note that the sServerConfig value must have exactly the same case as the dNSHostName attribute. If it does not, you will continue to get the same error.
  3. For example: if the DNS host name of the certification authority is server1.domain.local and the certification authority's name is MYCA, make sure that the dNSHostName attribute of the "CN=MYCA,CN=Enrollment Services,CN=Public Key Services,CN=Services,CN=Configuration,DC=domain,DC=local" object is set to "server1.domain.local", and that sServerConfig in the certdat.inc file in the certification authority's "%systemroot%\system32\certsrv" folder is set to "server1.domain.local\MYCA".
  4. Have the user restart Internet Explorer and request the certificate again. This allows the new credentials to be passed to the CA.

Note: Also make sure that the user requesting the certificate has been granted the Read and Enroll permissions on the certificate template. You can grant these permissions by using the ADSIEdit.msc snap-in or the Certificate Templates snap-in.
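The comparison from steps 1 to 3 can be checked without editing anything. The script below is an added example, not part of the original article or of Microsoft's guidance. It assumes it runs on the CA under an account that can read the Configuration partition, that the CA name is the article's sample value MYCA, and that certdat.inc stores the value on a line of the form sServerConfig="host\CAName".

```powershell
# Added example: read-only check of the two values the enrollment pages compare.
# Assumptions: run on the CA; $CaName is the article's sample CA name; certdat.inc
# holds a line of the form sServerConfig="host\CAName".
$CaName = 'MYCA'

# Locate the pkiEnrollmentService object under the forest's Configuration partition.
$configNC = [string]([ADSI]'LDAP://RootDSE').configurationNamingContext
$dn = "CN=$CaName,CN=Enrollment Services,CN=Public Key Services,CN=Services,$configNC"
$entry = [ADSI]"LDAP://$dn"
$dnsHostName = [string]$entry.dNSHostName
if (-not $dnsHostName) { throw "dNSHostName could not be read from $dn" }

# Pull the sServerConfig value out of certdat.inc.
$incPath = Join-Path $env:SystemRoot 'System32\certsrv\certdat.inc'
if (-not (Test-Path $incPath)) { throw "File not found: $incPath" }
$match = Select-String -Path $incPath -Pattern 'sServerConfig\s*=\s*"([^"]*)"' |
    Select-Object -First 1
if (-not $match) { throw "sServerConfig not found in $incPath" }
$actual   = $match.Matches[0].Groups[1].Value
$expected = "$dnsHostName\$CaName"

# -ceq is case-sensitive, like the comparison the enrollment pages perform;
# -ieq separates a case-only difference from a different host or CA name.
if ($actual -ceq $expected) {
    "OK: sServerConfig matches dNSHostName\CA name: $actual"
} elseif ($actual -ieq $expected) {
    "MISMATCH (case only): certdat.inc has '$actual', expected '$expected'"
} else {
    "MISMATCH: certdat.inc has '$actual', expected '$expected'"
}
```

A case-only mismatch is the situation this article describes: the host name looks correct in both places, yet enrollment still fails until the case is made identical.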

 

================= End

 


Origin www.cnblogs.com/lsgxeva/p/12521575.html