Alternative ways to get certs

I was working on a clients Skype for Business migration from Lync 2013 deploying the new Office Online Server and needed to get a certificate.  I went into IIS and requested a new certificate but no CA’s were listed for me to select.  Next I just generated the CSR and tried using the Web Services https://servername/certsrv, this failed as it was not setup properly.  Next I tried to RDP to the CA and use the Certificate Authority console from the MMC, this failed with an error Certificate not issued (Denied) Denied by Policy Module 0x80094801, The request does not contain a certificate template extension or the CertificateTemplate request attribute.  As a last ditch effort without trying to fix the clients CA I went to command line.  From the CA I used the following command  “certreq –submit –attrib “CertficateTemplate:WebServer” C:\temp\certfile.req  I was prompted to choose the CA and was able to save my certificate.

Hopefully this helps anyone else that is working with a broken CA.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s