I am working at a client site that needs IPSec Certificates generated for their VPN clients.We have a Microsoft Windows Server 2003 and have Certificate Authority installed on it. When we browse to http:\\<hostname>\certsrv, and go thru the process of obtaining a certificate, we do not see "IPSec listed as a type of Certificate that can be applied for. What we do see are Administrator, User, EFS, and two others.I logged onto the server and went into MMC into the CA management. There is a folder in there entitled, Certificate Templates. I was able to add IPSec as a Certificate Template. Based on this, I expected to see IPSec as a selectable choice when we browse to http<hostname>\certsrv, but it still did not show up as a choice.I tried restarting the CA. I also tried rebooting the server itself. But at this point, I still do not see IPSec as a selectable choice for type of certificate.Can anyone shed light on what needs to be done to make the IPSec Certificate Template available when applying for a Certificate to the CA?Thank YouKMNR Owner

Hi,You must set the permissions correctly on the certificate template named ipsec (offline request) from the Certificate templates mmc snap-in and it will show up on the webenrollment page if you select advanced certificate request.Have a nice day! The Masterplan - MCSE,MCITP-EA http://winmasterplan.blogspot.com

Hi, As Masterplan explained, the user should have proper permission on Certificate Template. Please follow the steps below for troubleshooting: 1. Open MMC, add Certificate Template snap-in. 2. Double-click IPSec (Offline Request), switch to Security tab, give the user Read and Enroll rights. 3. Close and restart IE on clients computer to test. ThanksThis posting is provided "AS IS" with no warranties, and confers no rights.

Currently in the Security Tab of the "IPSec" Security Template in MMC, I do have my username as well as "Authenticated users" with "Full Control". I tried closing the existing browser on the client machine, but the pulldown still only showed "Administrator, Basic EFS, EFS ecovery Agent, User, Subordinate Certification Authority, and Web Server".Is there anything else I may need to look at?KMNR Owner

Are you sure your CA [as listed in certdat.inc] issues this particular certificate template?Andrew

HI, Please note, IPSec and IPSec (Offline Request) are different templates, make sure you have configured all of them. Open the CA, double-click your CA Server, choose Certificate Templates, if IPSec (Offline Request) was not listed, right-click Certificate Templates, choose New-> Certificate Template to issue, choose IPSec (Offline Request) and IPSec to issue. Try to restart CA service, IIS and clients IE to test. Thanks. This posting is provided "AS IS" with no warranties, and confers no rights.

You ever figure out why this is happening? I am having the same problem however only the USER template shows up for me. All templates are installed and the rights are set fine.

Hello Zhang, When I go to certificate templates, properties, I don't have the security tab, then I can not assign permissions. How I can modify permissions¿? Thanks!