1

Has anybody come across an issue where the certificate templates field is missing in the certsrv web page? I am running 'Windows2012R2 Standard'. The online tutorials all have this combobox, but I am at a loss as to why it is missing.


[image: certsrv Bad]

This is a picture of what I am seeing:

[image: certsrv Good]

Also, from the 'Certification Authority' snap-in, I am missing this branch 'Certificate Templates' completely (got the image from the internet).
[image: missing branch]

Has anybody any idea what I am missing? Is there something else I need to install, or did I miss a step during installation?

Thanks


Solution: install as 'Enterprise CA'. But note, this installation option is greyed out if you are not the Administrator user!

Houtman

2 Answers

2

The problem is that your CA is a Standalone CA, which does not use certificate templates. Templates are available in Enterprise CAs only.

This means that your request shall include all required information to construct the final certificate.

Crypt32
  • Thanks. What is the way to fix this, complete reinstall? – Houtman Dec 02 '15 at 15:51
  • Yes, the only way is to completely reinstall CA server. – Crypt32 Dec 02 '15 at 15:54
  • The "enterprise" option is greyed out (and I actually only have 1 DC, this one). Shouldn't the "CA type = Root CA" be enough? – Houtman Dec 02 '15 at 16:08
  • Make sure your CA is connected to Active Directory and you have Enterprise Admins permissions. – Crypt32 Dec 02 '15 at 16:10
  • But there is no domain.. just this single machine is going to act as a way to generate certificates (not even connected to a network). Then I'm taking the DC public key and installing it on client machines which require a trust relationship with the SSL certificate. – Houtman Dec 02 '15 at 16:14
  • Then keep Standalone CA and submit certificate request via Certification Authority MMC (right-click on CA node) and select Submit New Request. Or copy/paste request contents to web enrollment form. – Crypt32 Dec 02 '15 at 16:16
  • That's what I did already (if I understand you correctly). But in the "web enrollment form" the combobox is not showing, which is my issue. – Houtman Dec 02 '15 at 16:21
  • There is no combo box for cert templates, because there are no templates. It is not necessary. – Crypt32 Dec 02 '15 at 16:23
  • I'm confused. I installed a 2012R2, single machine DC (inside a VM), as Root CA, and I have the web enrollment browser page with the template selection combobox, and I additionally enabled the 'code signing' template for use in signing Java JAR files. But a colleague overseas is trying the same install, but doesn't see the templates. Can you point me to a resource explaining why templates are (and are not) used in single or enterprise situations? – Houtman Dec 02 '15 at 16:37
  • Certificate templates are shown when CA is installed as Enterprise CA (requires Active Directory). – Crypt32 Dec 02 '15 at 16:40
  • Ah.. my colleague replied. He did the install using the 'administrator' account, and then he was able to select the 'enterprise CA' option (which at first was grayed out). And now the certsrv page does show the combobox with templates. Thanks for your quick response & help. – Houtman Dec 02 '15 at 17:08
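
A quick way to see which of the cases discussed in this answer applies on a given CA server, as an added example that is not part of the original posts. The function name `Get-CaTemplateStatus` is hypothetical, and the script assumes an elevated PowerShell 3.0+ session on the machine where the CA role is installed:

```powershell
# Added example (not from the original thread). Run elevated on the CA server.
$cfgRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration'

# CAType values written by AD CS setup
$caTypes = @{
    0 = 'Enterprise Root CA'
    1 = 'Enterprise Subordinate CA'
    3 = 'Standalone Root CA'
    4 = 'Standalone Subordinate CA'
}

function Get-CaTemplateStatus {   # hypothetical helper name
    if (-not (Test-Path -LiteralPath $cfgRoot)) {
        throw 'The Certification Authority role is not configured on this machine.'
    }
    # "Active" holds the name of the CA configured on this server
    $caName = (Get-ItemProperty -LiteralPath $cfgRoot).Active
    if (-not $caName) { throw 'No active CA is registered under CertSvc.' }
    $caKey  = Join-Path $cfgRoot $caName
    $caType = [int](Get-ItemProperty -LiteralPath $caKey).CAType

    # An Enterprise CA requires Active Directory, so check domain membership
    $inDomain = [bool](Get-CimInstance -ClassName Win32_ComputerSystem).PartOfDomain

    # Enterprise Admins is the well-known domain group with RID 519
    $groups = [Security.Principal.WindowsIdentity]::GetCurrent().Groups
    $isEntAdmin = [bool]($groups |
        Where-Object { $_.Value -match '^S-1-5-21-.+-519$' })

    [pscustomobject]@{
        CAName            = $caName
        CAType            = $caTypes[$caType]
        UsesTemplates     = ($caType -in 0, 1)   # Enterprise CAs only
        DomainJoined      = $inDomain
        EnterpriseAdmin   = $isEntAdmin
        CanInstallEntCA   = ($inDomain -and $isEntAdmin)
    }
}

Get-CaTemplateStatus | Format-List
```

`UsesTemplates = False` corresponds to the Standalone CA case above, where the web enrollment page has no template combobox; `CanInstallEntCA = False` points to a missing domain or missing Enterprise Admins rights for the account running the check.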
0

You haven't published any templates yet or configured the certificate template(s) for the CA to issue. Right-click on Certificate Templates and select Manage. That opens the certificate templates mmc.

http://blogs.technet.com/b/askds/archive/2010/05/27/designing-and-implementing-a-pki-part-iii-certificate-templates.aspx

Configure the Web Server certificate template
https://technet.microsoft.com/en-us/library/ee649187%28v=ws.10%29.aspx

Greg Askew
  • But the thing is, the red-circled leaf isn't even there (I used the picture from somewhere else). I used "mmc.exe" from the command line to open the window which appears when "manage" is clicked (peeked at the Task Manager startup command line on another server). Then the server actually asked something like "you haven't installed xyz, Click Ok to install..". But even after that, and enabling permissions for e.g. "webserver template", the combobox doesn't appear – Houtman Dec 02 '15 at 13:53