how to duplicate a certificate template using a command?
I'm deploying NAP and I would like to duplicate a certificate template that is in the certtempl.msc but with commands. I'm using Windows Server 2008 R2. And I have installed an enterprise CA and i'm working on the AD.
Is duplicating a template the same as requesting a new template?
If yes, these are the commands I have been trying
In a file csr.inf i typed:
[NewRequest]
Subject="CN=dc1,DC=contoso,DC=com"
Exportable=TRUE
KeyLength=2048
MachineKeySet=TRUE
FriendlyName="Manual Certificate"
KeySpec=1
[EnhancedKeyUsageExtension]
OID=1.3.6.14.1.311.47.1.1
[Extensions]
1.3.6.14.1.311.47.1.1="System Health Authentication"
[RequestAttributes]
CertificateTemplate="Workstation"
and then in then i create the new request
certreq -new csr.inf request.req
after that I try to submit the request using this command
certreq -submit -config - -crl -rpc request.req certFileOut.cert
but i get the following error:
Certificate not issued (Denied) Denied by Policy Module 0x80094800, The request was for a certificate template that is
not supported by the Active Directory Certificate Services policy: 1.3.6.1.4.1.311.21.8.1806387.4854250.11684030.1596675
3.1069840.122.1.30(Workstation Authentication)/Workstation.
Any idea if my approach is correct and if not what is the right approach?
March 15th, 2011 11:35pm
Isn't there a way to do it with commands without opening the certification Authority MMC snap-in?
I mean duplicating an already existing certificate. Like the Workstation Authentication for example.
Free Windows Admin Tool Kit Click here and download it now
March 16th, 2011 1:54pm