how to request an EOBO(Enroll On Behalf Of) certificate by certreq.exe
i want to request an EOBO certificate by certreq.exe, but i met bellow error"Certificate Request Processor: The certificate for the signer of the message is invalid or not found. 0x80096002 (-2146869246)"the command as belowcertreq -new -user -config "server.contoso.com\CA" "c:\EnrollmentAgentReq_Win7_Usr.inf" "c:\EnrollmentAgentReq_Win7_Usr.req"the inf file EnrollmentAgentReq_Win7_Usr.inf as below:[NewRequest]RequestType=pkcs7Subject="CN=user,CN=Users,DC=contoso,DC=com"Requestername=contoso\user [RequestAttributes]CertificateTemplate = EnrollmentAgentis there anyone met this error before? or someone can give me an example of request an EOBO certificate. Thanks a lot.
December 4th, 2009 9:57am

do you have Enrollment Agent certificate? You can enroll on behalf of another user if you alreadyhave Enrollment Agent certificate only. http://www.sysadmins.lv
Free Windows Admin Tool Kit Click here and download it now
December 4th, 2009 1:19pm

thx for ur help. But now I want to "enroll on behalf of another user which alreadyhave Enrollment Agent certificate" by certreq command. Could you help on this?
December 7th, 2009 5:01am

No. _You_ (not any other user) must have Enrollment Agent certificate.http://www.sysadmins.lv
Free Windows Admin Tool Kit Click here and download it now
December 7th, 2009 11:45am

Got it. Thx.
December 7th, 2009 11:47am

Hello, did you solve the problem? I have the same problem. I have a Enrollment Agent certificate and the enrollment works fine if I use the Certificate Enrollment wizard fom the certificate mmc. Can give me someone an example of request an EOBO certificate? Thanks a lot.
Free Windows Admin Tool Kit Click here and download it now
May 7th, 2010 7:00pm

1) You must have an Enrollment Agent certificate in your personal store (certificate with the Certificate Request Agent application policy OID) 2) The certificate you are requesting must require one signature using the Certificate Request Agent application policy OID in the configuration of its certificate template 3) You must be assigned Read and Enroll permissions on the custom certificate template 4) In the Certificates mmc focused on the current user (you), you must point to File|All Tasks|Advanced Operations|Enroll on Behalf Of 5) In the ensuing wizard, you must designate your Enrollment Agent certificate 6) You must designate the User name information to put in the certificate (choose the account) HTH, Brian
May 8th, 2010 3:09am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics