I am very new to AD CA. I am trying to install a AD integrated CA for the forest and Web services and Server can Request certificate from it.
I installed CA role on a stand alone W2K8R2 Enterprise. It was set as Enterprise Root-CA.
There is also an existing Root-CA (W2K3 SP1) in the environment. I checked all the issued Cert were expired on this box.
For some reason, when I tried to create a Web Server Template. It never list in the Cert Template when I try to issue it via CA MMC.
I tried many different things like:
1) Add the new CA computer account to the Cert template and grant it read / enroll allow access
2) Added R/W to Domain users, Domain computers Universal group for CA computer account.
3) Tried to change the Subject name format
When I "Request new cert " usingCertificates MMC and try to show All certificate. It show my newly created templates with following error:
The requested Certificate template is not supported by this CA. A valid CA configured to issue certificates based on this template cannot be located, or the CA does not support this operation or CA is not trusted.
Any idea?