From time to time, I receive a CSR from a customer which explicitly specifies the "Web Server" template to be used. We don't publish that template on our CAs since we duplicated it & made our own v2 template.
So, I tried the following command:
>certreq -config "SSLCA.contoso.com\Contoso SSL CA" -submit -attrib "certificatetemplate:ContosoSSLCertificate" -attrib "certificatetemplate:MerckIntranetSSLCertificate" ocspool.csr ocspool.cerThe error I receive is:
Certificate not issued (Denied) Denied by Policy Module 0x80094800, The request was for a certificate template that is not supported by the Active Directory Certificate Services policy: WebServer/ContosoSSLCertificate.Why is the template I'm specifying in my certreq command being oppended to the template specified in the CSR (rather than overriding it)?