I'm having a problem similar to that posted in this question: Missing Certificate template From certificate to issue The short version is that I've created a duplicate certificate template and I'm trying to add it to my domain CA so that I can issue certificates with it. However, when I go into the Certification Authority MMC and go to "Certificate Templates -> New -> Certificate Template To Issue", my template is missing (along with quite a number of other templates that are present in the domain). Unlike the previous question, however, my CA is running on Server 2008 R2 Enterprise. Our organization has a single DC and a single CA, so I'm not seeing where there could be propagation delay. Any ideas how to get my template to show so that I can issue certificates?
Just wanted to throw this out there for future searchers who this doesnt apply to. For me, I had to go into ADSI Edit and change a flag from 2 to 10. I did have to restart ADCS service afterwards before the cert became available.
". ADSIEdit.msc, then expand CN=Configuration | CN=Services | CN=Public Key Services | CN=Enrollment Services. Right click the CA in the right pane that you want to enroll from and click properties. Find the flags attribute; and verify that it is set to 10. If it isn’t set to 10, then set it to 10 using ADSIedit.msc and allow for Active Directory replication to complete."
answered May 26, 2017 at 17:58 51 1 1 silver badge 2 2 bronze badgesDead link in the article, here's the original blog: learn.microsoft.com/en-us/archive/blogs/askds/…. This change fixed our issues after a CA migration.
Commented Mar 7 at 21:02If you don't want to mess with adsiedit, you can use command certutil as workaround:
Commands has to be run locally on Enterprise CA under Domain Admin and CA computer account has to have full control rights over such template.
What is strange, is that parameter setCAtemplates isn't in official documentation nor builtin command help, but is working without problem. I found it in Windows Server 2008 - Active Directory Certificate Services Migration Guide
answered May 27, 2020 at 16:34 AndrewZtrhgf AndrewZtrhgf 41 2 2 bronze badgesDoes the account that is looking to use the template have the rights to do so? in the mgmt console, right click the Certificate template container and select manage templates. For the missing template, right click and select properties. On the security tab, ensure the account that wants to request the cert has the right to enroll.
answered Oct 11, 2011 at 19:49 6,452 23 23 silver badges 37 37 bronze badgesI can't get as far as a request, because I can't add the template to the CA. In the spirit of answering your question, though, yes.
Commented Oct 11, 2011 at 20:05You should be doing this through the CA Mgmt interface. The same place where you went to duplicate the template
Commented Oct 12, 2011 at 12:54Managing the templates is done in the "Certificate Templates Console", which connects to a DC. I'm now trying to add the template created there in the Certification Authority interface, which connects to a CA, and that's where it's not appearing.
Commented Oct 12, 2011 at 13:16I encountered the problem of certificate templates not appearing in user's computers in Certificate store, Windows 10. Here is a solution that worked for me.
After you have created your certificate template, close Certificate Authority.
Then launch certificate authority. Then view certificate templates. At this point, you will only see the certificate templates that are available for use. In my situation, since I was creating the first certificate template, nothing was appearing.
To publish the certificate template that you are working on, from the context menu, highlight certificate templates. Select New | Certificate Template to issue. Then select the certificate template that you were working on.
This will publish your certificate template to the world. It took me four hours to come up with this solution.