But that doesn't stop us.
My previous series of posts on configuring a CA hierarchy led my friends and colleagues to believe I might know a thing or two about running one - so I end up issuing certificates to them. The most recent request came from a web server where a friend was playing with an iPhone and ActiveSync. Yes, this is an IIS Web Server. I'm submitting it to my Enterprise CA.
I load up the Certification Authority console, and attempt to submit the request - no dice. Lo and behold, Microsoft KB 910249 came and bit me.
Certificate Request Processor
The request contains no certificate template information. 0x80094801 (-2146875391)
Denied by Policy Module 0x80094801, the request does not contain a certificate template extension or the Certificate Template request attribute.
Microsoft's resolution: Generate the request some other way.
Stuff that.
My solution:
certreq -submit -attrib "CertificateTemplate: WebServer" WebServerCertReq.txt
The key is the extra attribute we add to force use of the template. The certificate is issued and we can go and import it to the web server.