I'm trying to create a certificate request for a non-domain PC. I've went through the steps on the PC of creating the customer cert request. I copied it to a domain PC and went to http:dc/certsrv > Request a certificate > Submit an Advanced Certificate Request > Submit a cert request by using base64... and pasted the contents of the request. However the only options I have are for "User" or "Basic EFS" template. How can I get the option for a computer certificate? Is there something I'm missing? Thanks, Scott

you must assign yourself Read and Enroll permissions on required template. Make sure if required template is assigned to your CA server. Additionally make sure if integrated authentication is enabled on IIS server.http://en-us.sysadmins.lv

Thank you for your response. I did verify that I have read and enroll permissions on the template. How do I make sure the template is assigned to the CA. I did New > "Certificate Template to Issue" and selected my template. Is that assigning it? I also verified that Windows Authentication is enabled on the certsrv virtual directory in IIS. We're running IIS7. Is that the same as Integrated Windows Authentication? Thanks a lot, Scott

> Is that assigning it? yes. > Is that the same as Integrated Windows Authentication? again yes. Just to clarify, Anonymous Authentication is enabled or disabled (should be disabled).http://en-us.sysadmins.lv

Anonymous is disabled. Ok. Thanks. I'm glad that checks out. So any ideas why I wouldn't be able to see anything other than Basic EFS and User templates in the web enrollment page when requesting a cert? Thanks, Scott

Unfortunately no. Web Pages Enrollment is the most incoprehensible thing for me. I can suggest to use 'certreq -submit' command to submit offline request to CA server.http://en-us.sysadmins.lv

On Mon, 10 Jan 2011 18:17:23 +0000, scottyp55 wrote: Thank you for your response. I did verify that I have read and enroll permissions on the template. How do I make sure the template is assigned to the CA. I did New > "Certificate Template to Issue" and selected my template. Is that assigning it? What certificate template specifically are you using and what are the settings on the Subject tab? Paul Adare MVP - Identity Lifecycle Manager http://www.identit.ca Want custom ringtones on your Windows Phone 7 device? Some programming languages manage to absorb change but withstand progress.

I'm using the IPSec (Offline Request) template that I duplicated. The subject name tab has "Supply in the request" selected and "Use subject information..." checked. Anything I'm missing? Thanks, Scott

Is this version 2 (Windows Server 2003 Enterprise) or version 3 (Windows Server 2008 Enterprise)? Web enrollment don't support V3 templates (afaik).http://en-us.sysadmins.lv

This is 2008r2. I guess version 3. That's a bummer if it's not supported. Thanks.

On Wed, 12 Jan 2011 18:59:34 +0000, scottyp55 wrote: This is 2008r2. I guess version 3. That's a bummer if it's not supported. Thanks. Just because your CA is running 2008 R2 does not mean that every certificate template is a V3 template. You're offered the choice when you duplicate a template. If you want to use a V2 template then select 2003 when prompted. Paul Adare MVP - Identity Lifecycle Manager http://www.identit.ca Want custom ringtones on your Windows Phone 7 device? How do I love thee? My accumulator overflows.

Wow! That worked. I duplicated as 2003 and right away it was available in web enrollment. Thanks a lot!!!!!