Monday, November 19, 2012

The request contains no certificate template information

If you want to secure Exchange 2010 with SSL you can have your own Enterprise CA issue a certificate.

However when you try to issue it with the CA MMC, you may receive this error message:


Certificate Request Processor
The request contains no certificate template information. 0x80094801 (-2146875391)

The trick is to use the certreq command-line tool instead. Here is a example of the syntax:

certreq -submit -attrib "CertificateTemplate: WebServer" WebServerCertReq.txt

where WebServerCertReq.txt is the name of the request file from your Exchange certificate.

Thanks to David Rawling and his excellent "Deliberations from Dave" blog. Here is a link to his original post: http://pdconsec.net/certificates-the-request-contains-no-certificate-template.aspx

To generate a CSR from openssl on Linux use this command line:

openssl req -new -newkey rsa:2048 -nodes -out csr_request.csr -keyout privatekey.key -subj "/C=CA/ST=QC/L=MONTREAL/O=domain.com/OU=HEAD OFFICE/CN=host.domain.com"

where:

csr_request.csr: the name of the CSR file generated
privatekey.key: the name of the private key file generated
/C= : country code
/ST : state or province code
/L= : city
/O= : Organisation
/OU= : Organisational Unit
/CN= : The URL you use to access the web server