Windows 10: Need help with Certificate Authority and cannot Submit a Certificate Request, bad Pki...

Discus and support Need help with Certificate Authority and cannot Submit a Certificate Request, bad Pki... in Windows 10 Customization to solve the problem; Hello. I have a problem. The root and subordinate certificate authorities had problems some years back. So we re-created a new root CA, however, it was... Discussion in 'Windows 10 Customization' started by LeeJohnson7, Oct 12, 2020.

  1. LEEJOHNSON7
    LeeJohnson7 Win User

    Need help with Certificate Authority and cannot Submit a Certificate Request, bad Pki...


    Hello. I have a problem. The root and subordinate certificate authorities had problems some years back. So we re-created a new root CA, however, it was named the same as the ORIGINAL root ca. Then made up and commissioned a new subordinate CA, This sub did NOT share the same name as the old one. The *new* root CA is not on the domain and it's powered off all the time, according to best practice. It's only job is to authenticate the *new* subordinate CA, which does all the cert work. By the way I can't seem to see any certificate authority or PKI information when I use ASDI to look at my schema. I can only see it using AD sites and services, service node, and Public Key Services. When I run pkiview.msc on my subordinate, i gets red x on both the root and sub. Looking at the root, there's an "Error" listing the subordinate CA. The AIA location 1 and 2 and CDP Location all show as Unable to Download, even after I power up the root ca computer. The listing it's trying to pull LOOKS ok to me, but not sure why it won't react if the machine is up. Except perhaps the root ca is not joined to the domain? Anyway I think I have to sort out my pkiview being unhappy before my REAL problems which are these. The *old* root CA which expired in 2018, is present on ALL my domain joined machines, because it was IN the pki architecture back when it was made. the *new* root ca is nowhere to be found, and must be manually cert loaded into trusted root authority on any machine that I want it to go on. To be honest I'm not sure what certs are working where if everyone only knows about the *old* root ca and not the new one, same name.\

    My problem that revealed all this, I'm trying to request a certificate on my subordinate CA, and it will not even let me try to paste in a CSR, as it gives me the error - "No certificate templates could be found. You do not have permission to request a certificate from this CA, or an error occurred while accessing the Active Directory"


    Can you help me untangle this mess? Advice appreciated, thank you!

    :)
     
    LeeJohnson7, Oct 12, 2020
    #1
  2. ALLEN EUGENESHAW
    Allen EugeneShaw Win User

    Microsoft DSRE PKI Certificate query

    Microsoft DSRE PKI

    Certificate Policy/Certification Practice Statement

    For TLS CAs

    (DSRE CP/CPS)

    is out of date. Should I accept it or will you update your certificate?

    ***Original title: Microsoft DSRE PKI***
     
    Allen EugeneShaw, Oct 12, 2020
    #2
  3. PRAKHAR_KHARE
    Prakhar_Khare Win User
    Microsoft DSRE PKI Certificate query

    Hi,



    Thank you for writing to Microsoft Community Forums.



    Microsoft DSRE PKI Certificate was last updated on June 2019. If you are using an older certificate, you can download the updated one from

    PKI Repository    .



    You can also refer
    Microsoft DSRE PKI     for more information on the change log.



    However, since your query is related to Microsoft DSRE PKI Certificate, I would suggest you to post your query on

    TechNet forums    , where we have expertise and support professionals who are well equipped with the knowledge to assist you with your query.



    Regards,

    Prakhar Khare

    Microsoft Community – Moderator
     
    Prakhar_Khare, Oct 12, 2020
    #3
  4. DIRKNIET MICROSOFT
    dirkniet microsoft Win User

    Need help with Certificate Authority and cannot Submit a Certificate Request, bad Pki...

    Microsoft DSRE PKI Certificate query

     
    dirkniet microsoft, Oct 12, 2020
    #4
Thema:

Need help with Certificate Authority and cannot Submit a Certificate Request, bad Pki...

Loading...

  1. Need help with Certificate Authority and cannot Submit a Certificate Request, bad Pki... - Similar Threads - Need help Certificate

  2. Certificate/PKI/Smart Card Logon

    in Windows 10 Gaming
    Certificate/PKI/Smart Card Logon: Hello,I am having an issue with authenticating users in an air gapped network after a patch. Any users prior created in AD prior to May 2022, can still authenticate with the server. However, if I create a new test account and attach my X.509 to altSecurityID attribute, I get...

  3. Certificate/PKI/Smart Card Logon

    in Windows 10 Software and Apps
    Certificate/PKI/Smart Card Logon: Hello,I am having an issue with authenticating users in an air gapped network after a patch. Any users prior created in AD prior to May 2022, can still authenticate with the server. However, if I create a new test account and attach my X.509 to altSecurityID attribute, I get...

  4. Certificate Authority and VPN issues

    in Windows 10 Gaming
    Certificate Authority and VPN issues: Hi all Apologises as this is all rather new to me. The other day we had issues with our remote users accessing VPN they had error messages like the below. After a lot of digging around it transpired our Certificate Authority server which is a virtual machine had an issue with...

  5. Certificate Authority and VPN issues

    in Windows 10 Software and Apps
    Certificate Authority and VPN issues: Hi all Apologises as this is all rather new to me. The other day we had issues with our remote users accessing VPN they had error messages like the below. After a lot of digging around it transpired our Certificate Authority server which is a virtual machine had an issue with...

  6. Certificate Authority and VPN issues

    in Windows 10 Network and Sharing
    Certificate Authority and VPN issues: Hi all Apologises as this is all rather new to me. The other day we had issues with our remote users accessing VPN they had error messages like the below. After a lot of digging around it transpired our Certificate Authority server which is a virtual machine had an issue with...

  7. Certification request

    in AntiVirus, Firewalls and System Security
    Certification request: Good Afternoon all, I don't know if I am in the right community, but I do have a concern that needs to fixed. I am a college student switch from Business Administration to IT & System Information. I have Lab assignment which is to use Sectigo to create email signature and...

  8. User enrollment Certificate Authority

    in Windows 10 Customization
    User enrollment Certificate Authority: I've a lab environment where I've set up my CA. Configured user and computer template for enrollment and checked with test users in client machines. I was able to see the user certificate and computer certificate while I try to enroll. But for one particular user when i login...

  9. Microsoft DSRE PKI Certificate query

    in Windows 10 Network and Sharing
    Microsoft DSRE PKI Certificate query: Microsoft DSRE PKI Certificate Policy/Certification Practice Statement For TLS CAs (DSRE CP/CPS) is out of date. Should I accept it or will you update your certificate? ***Original title: Microsoft DSRE PKI***...

  10. Bad security certificate

    in AntiVirus, Firewalls and System Security
    Bad security certificate: Working in French. Just got for the second time message: "Ce serveur ne peut prouver qu'il est go.microsoft.com; son certificat de sécurité est de www.holidaycheck.de. Ceci peut être dû à une mauvaise configuration ou quelqu'un essaie d'intercepter votre connexion." Any idea?...