In my attempt to submit a CSR for an internally generated Subject Alternative Name Certificate. I encountered the follow issue when attempting to submit it to my domain’s CA
I am using the ‘certreq’ method to enroll the new request. Info on how to do this, found here: http://technet.microsoft.com/en-us/library/ff625722(v=ws.10).aspx#BKMK_CertEnroll
Each attempt I got the following message:
Certificate not issued (Denied) Denied by Policy Module 0x80094801, The request does not contain a certificate template extension or the CertificateTemplate request attribute.
The request contains no certificate template information. 0x80094801 (-214687591)
Certificate Request Processor: The request contains no certificate template information. 0x80094801 (-2146875391)
Denied by Policy Module 0x80094801, The request does not contain a certificate template extension or the CertificateTemplate request attribute.
It seems that this custom template was not listed in my certificate authority; but I knew its purpose was for a web server. So by opening the command prompt into the directory of my request file, ran the following command:
certreq -submit -attrib “CertificateTemplate:WebServer” <request.req>
I was prompt for the CA Server name and after selecting it my request was processes and I was issued my certificate.
33 replies on “Custom Certificate Request Errors with 0x80094801”
Thx mate, good work there, you saved my day 🙂
Thank You!
Sir, you helped to save yet another damsel in distress
And… it is I whom are truly thankful for you visiting my notebook/blog site. I enjoy sharing about incidents I run into and my steps to troubleshoot, and resolve them. I’ve been helped via my searches so this way I am able to “pay it forward”
All the best to you,
Jermal
Thanks man, that was realy usefull command (in blue), which really helped me to solve my problems regarding SSL implementation.
Thanks for your feedback. I am glad that my notebook/blog post was able to assist you.
Awesome!!!! Thanks
Hello Jermal,
i need to certificate an ubuntu webserver without a GUI. If i started the openssl code on die webserver and try to install it, i got the same fail. Does anybody know how to install a certificate from ubuntu webserver by an issuing ca? I configured the iis on my ca, but the server can’t view or visit the page.
(And i’m sorry for my bad english – i’m german ^^” )
Sweet! Thank you!
ok
Wonderful!! It saved my day. 🙂
Fantastic! life saver!
i have duplicated webserver template to include client authentication , when i use new template both by CLI and web i am hitting below error, even though i used shorttemaplate names
Your certificate request was denied.
Your Request Id is 23. The disposition message is “Denied by Policy Module 0x80094800, The request was for a certificate template that is not supported by the Active Directory Certificate Services policy: clientserver. “.
i have duplicated webserver template to include client authentication , when i use new template both by CLI and web i am hitting below error, even though i used short template name
Your certificate request was denied.
Your Request Id is 23. The disposition message is “Denied by Policy Module 0x80094800, The request was for a certificate template that is not supported by the Active Directory Certificate Services policy: clientserver. “.
God bless you man, you saved my week not just the day 🙂
Excellent thanks for the post, solved my issue.
Thanks Again
Yep – solved my issue as well. Thank you!
Thanks. This worked perfectly!
Hey Jermal,
Thanks heaps for this, it worked a treat!
We just upgraded to SHA2 and apparently we can’t use the URL anymore, but rather need to go through the CA utility itself on the server.
Cheers
Thx bud, your info did the job right
Thank you, sir!
Much thanks Jermal.
Awesome work!
Thank you! It helped me with my Exchange 2016 deployment.
How do I make MS Enterprise Certificate Authority actually use a custom template?
Deeply grateful for this. I was getting seriously frustrated with that error and you provided the solution.
MUCH appreciated!!
thank you so much, this has been a huge help!
You are welcome… thanks for the comment
Thanks for the intial answar how to use the command prompt, the issue is if I use webserver as template name it works fine, but if i user computer/machine/domain controler ,its giving again same error message for example..
So what I did is , 1st I created duplicate of computer template, while creating u will have lot of option, i went to “Subject name tab” and checked the “supply in the request” and apply and save the template and computer1, if u want u can rename the template as computer1 while deleting the older one.
1st changed the duplicate to computer1 template, once its worked fine then we can delete or rename the old template to “old computer” and rename computer1 to only “computer” it should work for every one
Thanks
You are the man of the hour. May your progeny be blessed, sir.
Thanks Dude…
Wow – thank you so much for this, you saved my bacon too!
Thank You!!
Thanks a bunch for sharing this with all folks you
really understand what you are talking about! Bookmarked.
Kindly also discuss with my web site =). We
could have a hyperlink change arrangement between us