Monday, November 19, 2012

The request contains no certificate template information

If you want to secure Exchange 2010 with SSL you can have your own Enterprise CA issue a certificate.

However when you try to issue it with the CA MMC, you may receive this error message:


Certificate Request Processor
The request contains no certificate template information. 0x80094801 (-2146875391)

The trick is to use the certreq command-line tool instead. Here is a example of the syntax:

certreq -submit -attrib "CertificateTemplate: WebServer" WebServerCertReq.txt

where WebServerCertReq.txt is the name of the request file from your Exchange certificate.

Thanks to David Rawling and his excellent "Deliberations from Dave" blog. Here is a link to his original post: http://pdconsec.net/certificates-the-request-contains-no-certificate-template.aspx

To generate a CSR from openssl on Linux use this command line:

openssl req -new -newkey rsa:2048 -nodes -out csr_request.csr -keyout privatekey.key -subj "/C=CA/ST=QC/L=MONTREAL/O=domain.com/OU=HEAD OFFICE/CN=host.domain.com"

where:

csr_request.csr: the name of the CSR file generated
privatekey.key: the name of the private key file generated
/C= : country code
/ST : state or province code
/L= : city
/O= : Organisation
/OU= : Organisational Unit
/CN= : The URL you use to access the web server

4 comments:

Anonymous said...

Thank you ...This post helped me to fix my issue as well.

AndyChips said...

Thanks, the certreq command line worked when all else failed!

capua said...

thanks mate, helpful information.

Jarle Georg Tveitan said...

Wow, saved me a lot of trouble :D