how to duplicate a certificate template using a command? (Network Steve Forum)

how to duplicate a certificate template using a command?

I'm deploying NAP and I would like to duplicate a certificate template that is in the certtempl.msc but with commands. I'm using Windows Server 2008 R2. And I have installed an enterprise CA and i'm working on the AD. Is duplicating a template the same as requesting a new template? If yes, these are the commands I have been trying In a file csr.inf i typed: [NewRequest] Subject="CN=dc1,DC=contoso,DC=com" Exportable=TRUE KeyLength=2048 MachineKeySet=TRUE FriendlyName="Manual Certificate" KeySpec=1 [EnhancedKeyUsageExtension] OID=1.3.6.14.1.311.47.1.1 [Extensions] 1.3.6.14.1.311.47.1.1="System Health Authentication" [RequestAttributes] CertificateTemplate="Workstation" and then in then i create the new request certreq -new csr.inf request.req after that I try to submit the request using this command certreq -submit -config - -crl -rpc request.req certFileOut.cert but i get the following error: Certificate not issued (Denied) Denied by Policy Module 0x80094800, The request was for a certificate template that is not supported by the Active Directory Certificate Services policy: 1.3.6.1.4.1.311.21.8.1806387.4854250.11684030.1596675 3.1069840.122.1.30(Workstation Authentication)/Workstation. Any idea if my approach is correct and if not what is the right approach?

March 15th, 2011 4:43pm

This is because you haven't assigned specified template to CA server. Open Certification Authority MMC snap-in, select Certificate Templates node. Click Action -> New ->Certificate Template to Issue. If client computer is Windows 7 or Windows Server 2008 R2 you may need to refresh group policy by running 'gpupdate /force' command. http://en-us.sysadmins.lv PowerShell PKI module: http://pspki.codeplex.com/

Free Windows Admin Tool Kit Click here and download it now

March 15th, 2011 5:00pm

Isn't there a way to do it with commands without opening the certification Authority MMC snap-in? I mean duplicating an already existing certificate. Like the Workstation Authentication for example.

March 16th, 2011 6:57am

No. Microsoft don't support template duplication in other ways than Certificate Templates (certtmpl.msc) MMC snap-in.http://en-us.sysadmins.lv PowerShell PKI module: http://pspki.codeplex.com/

Free Windows Admin Tool Kit Click here and download it now

March 16th, 2011 7:31am

This topic is archived. No further replies will be accepted.