none
证书颁发机构中证书怎么总是申请无法通过? RRS feed

  • 问题

  • 不是提示

    请求不包含证书模板信息。 0x80094801 (-2146875391 CERTSRV_E_NO_CERT_TYPE)
    被策略模块拒绝  0x80094801, 该请求不包含证书模板扩展或 CertificateTemplate 请求属性。

    就是提示

    ASN1 遇到了不正确的标记值。 0x8009310b (ASN: 267 CRYPT_E_ASN1_BADTAG)

    另问:

    证书模板是干什么用的?能不能用这个模板来做证书申请?

    2014年4月4日 13:30

答案

  • 你好,

    首先,您可以尝试这篇KB文章中提到的方法。

    当您提交到企业 CA CSR Windows Server 2003 中使用证书颁发机构 Microsoft 管理控制台 (MMC) 管理单元中,您可能会收到"请求不包含证书模板信息"错误消息

    http://support.microsoft.com/kb/910249/zh-CN

    这个问题也可能是由错误的证书模板权限配置导致的。请按照以下步骤来给予正确的权限。

    1. 打开MMC,添加Snap-in,选择证书模板。

    2. 双击Web Server,切换到Security标签页,选择Authenticated users,给予Enroll权限。

    3. 打开CA控制台,重启CA服务。

    同时,证书模板是用来简化证书颁发的流程以及设定权限。

    Enterprise certification authorities (CAs) use certificate templates to define the format and content of certificates, to specify which users and computers can enroll for which types of certificates, and to define the enrollment process, such as autoenrollment, enrollment only with authorized signatures, and manual enrollment. Associated with each certificate template is a discretionary access control list (DACL) that defines which security principals have permissions to read and configure the template, as well as to enroll or autoenroll for certificates based on the template. The certificate templates and their permissions are defined in Active Directory® Domain Services (AD DS) and are valid within the forest. If more than one enterprise CA is running in the Active Directory forest, permission changes will affect all enterprise CAs.

    Certificate Templates Overview

    http://technet.microsoft.com/zh-CN/library/cc730826(v=ws.10).aspx

    谢谢。


    Jeremy Wu

    TechNet Community Support

    2014年4月8日 16:11
    版主

全部回复

  • 你好,

    首先,您可以尝试这篇KB文章中提到的方法。

    当您提交到企业 CA CSR Windows Server 2003 中使用证书颁发机构 Microsoft 管理控制台 (MMC) 管理单元中,您可能会收到"请求不包含证书模板信息"错误消息

    http://support.microsoft.com/kb/910249/zh-CN

    这个问题也可能是由错误的证书模板权限配置导致的。请按照以下步骤来给予正确的权限。

    1. 打开MMC,添加Snap-in,选择证书模板。

    2. 双击Web Server,切换到Security标签页,选择Authenticated users,给予Enroll权限。

    3. 打开CA控制台,重启CA服务。

    同时,证书模板是用来简化证书颁发的流程以及设定权限。

    Enterprise certification authorities (CAs) use certificate templates to define the format and content of certificates, to specify which users and computers can enroll for which types of certificates, and to define the enrollment process, such as autoenrollment, enrollment only with authorized signatures, and manual enrollment. Associated with each certificate template is a discretionary access control list (DACL) that defines which security principals have permissions to read and configure the template, as well as to enroll or autoenroll for certificates based on the template. The certificate templates and their permissions are defined in Active Directory® Domain Services (AD DS) and are valid within the forest. If more than one enterprise CA is running in the Active Directory forest, permission changes will affect all enterprise CAs.

    Certificate Templates Overview

    http://technet.microsoft.com/zh-CN/library/cc730826(v=ws.10).aspx

    谢谢。


    Jeremy Wu

    TechNet Community Support

    2014年4月8日 16:11
    版主
  • The Problem still,it seems don't help
    2019年2月9日 23:56