Categories
How-To Software Technical

Custom Certificate Request Errors with 0x80094801

In my attempt to submit a CSR for an internally generated Subject Alternative Name Certificate. I encountered the follow issue when attempting to submit it to my domain’s CA

I am using the ‘certreq’ method to enroll the new request.  Info on how to do this, found here: http://technet.microsoft.com/en-us/library/ff625722(v=ws.10).aspx#BKMK_CertEnroll

Each attempt I got the following message:

Certificate not issued (Denied) Denied by Policy Module 0x80094801, The request does not contain a certificate template extension or the CertificateTemplate request attribute.

The request contains no certificate template information. 0x80094801 (-214687591)

Certificate Request Processor: The request contains no certificate template information. 0x80094801 (-2146875391)

Denied by Policy Module 0x80094801, The request does not contain a certificate template extension or the CertificateTemplate request attribute.

It seems that this custom template was not listed in my certificate authority; but I knew its purpose was for a web server. So by opening the command prompt into the directory of my request file, ran the following command:

certreq -submit -attrib “CertificateTemplate:WebServer” <request.req> 

I was prompt for the CA Server name and after selecting it my request was processes and I was issued my certificate.

 

33 replies on “Custom Certificate Request Errors with 0x80094801”

And… it is I whom are truly thankful for you visiting my notebook/blog site. I enjoy sharing about incidents I run into and my steps to troubleshoot, and resolve them. I’ve been helped via my searches so this way I am able to “pay it forward”

All the best to you,

Jermal

Hello Jermal,
i need to certificate an ubuntu webserver without a GUI. If i started the openssl code on die webserver and try to install it, i got the same fail. Does anybody know how to install a certificate from ubuntu webserver by an issuing ca? I configured the iis on my ca, but the server can’t view or visit the page.
(And i’m sorry for my bad english – i’m german ^^” )

i have duplicated webserver template to include client authentication , when i use new template both by CLI and web i am hitting below error, even though i used shorttemaplate names

Your certificate request was denied.

Your Request Id is 23. The disposition message is “Denied by Policy Module 0x80094800, The request was for a certificate template that is not supported by the Active Directory Certificate Services policy: clientserver. “.

i have duplicated webserver template to include client authentication , when i use new template both by CLI and web i am hitting below error, even though i used short template name

Your certificate request was denied.

Your Request Id is 23. The disposition message is “Denied by Policy Module 0x80094800, The request was for a certificate template that is not supported by the Active Directory Certificate Services policy: clientserver. “.

Hey Jermal,

Thanks heaps for this, it worked a treat!

We just upgraded to SHA2 and apparently we can’t use the URL anymore, but rather need to go through the CA utility itself on the server.

Cheers

Thanks for the intial answar how to use the command prompt, the issue is if I use webserver as template name it works fine, but if i user computer/machine/domain controler ,its giving again same error message for example..

So what I did is , 1st I created duplicate of computer template, while creating u will have lot of option, i went to “Subject name tab” and checked the “supply in the request” and apply and save the template and computer1, if u want u can rename the template as computer1 while deleting the older one.

1st changed the duplicate to computer1 template, once its worked fine then we can delete or rename the old template to “old computer” and rename computer1 to only “computer” it should work for every one
Thanks

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.