Windows OS Hub
  • Windows
    • Windows 11
    • Windows Server 2022
    • Windows 10
    • Windows Server 2019
    • Windows Server 2016
  • Microsoft
    • Active Directory (AD DS)
    • Group Policies (GPOs)
    • Exchange Server
    • Azure and Microsoft 365
    • Microsoft Office
  • Virtualization
    • VMware
    • Hyper-V
  • PowerShell
  • Linux
  • Home
  • About

Windows OS Hub

  • Windows
    • Windows 11
    • Windows Server 2022
    • Windows 10
    • Windows Server 2019
    • Windows Server 2016
  • Microsoft
    • Active Directory (AD DS)
    • Group Policies (GPOs)
    • Exchange Server
    • Azure and Microsoft 365
    • Microsoft Office
  • Virtualization
    • VMware
    • Hyper-V
  • PowerShell
  • Linux

 Windows OS Hub / Windows Server 2019 / Fix: The Requested Certificate Template is Not Supported by This CA

January 9, 2023

Fix: The Requested Certificate Template is Not Supported by This CA

Let’s say you try to request a certificate from a Windows CA and get an error stating The requested certificate template is not supported by this CA. In my case, the problem occurred when I tried to request a TLS/SSL certificate to secure RDP connections using my RDSH host template.

When I tried to manually request a certificate using a template in the certmgr console, I got the following error:

Request Certificates:
The requested certificate template is not supported by this CA. A valid certification authority (CA) configured to issue certificates based on this template cannot be located, or the CA does not support this operation, or the CA is not trusted.

certificate enrollment: The requested certificate template is not supported by this CA. A valid certification authority (CA) configured to issue certificates based on this template cannot be located, or the CA does not support this operation, or the CA is not trusted.

One could try requesting a certificate based on a template using PowerShell:

$Cert = Get-Certificate -Template "YourTemplateName" -CertStoreLocation "cert:\CurrentUser\My"

Ending up with another error:

Get-Certificate : CertEnroll::CX509Enrollment::InitializeFromTemplateName: Template is not supported by this CA. 0x80094800 (-2146875392 CERTSRV_E_UNSUPPORTED_CERT_TYPE)

And here’s how this error looks in Event Viewer:

EventID: 1064
Source: Terminalservices-RemoteConnectionManager
The RD Session Host server cannot install a new template-based certificate to be used for Transport Layer Security (TLS) 1.0\Secure Sockets Layer (SSL) authentication and encryption. The following error occurred: The requested certificate template is not supported by this CA.

Windows Server event: The requested certificate template is not supported by this CA

The typical reasons for the “The requested certificate template is not supported by this CA” error are:

  • The certificate template is not published on the CA host. Check if the certificate template you are requesting (either manually or via a GPO) is published on your certificate authority. To display all available templates, run the command certutil –CATemplates . If the template you want is not on the list, just publish it. To do this, run the command certsrv.msc on your CA, then go to Certificate Template -> New -> Certificate template to issue.
    certification authority - publish certificate template
    Also, make sure you specify the correct certificate template name in the Group Policy settings;
  • Check that your object can request the certificate on the Security tab in the ACL certificate template settings. While obtaining a certificate is allowed for Authentication Users by default, this group can be removed from the template manually. Try requesting a certificate for a computer account:certreq -q -machine -enroll YourTemplateName

    If the computer account has no permission to obtain the certificate, you will get the following error:

    Certificate enrollment for Local system could not enroll for a YourTemplateName certificate. A valid certification authority cannot be found to issue this template.

    In this case, be sure to grant permissions to the template for the computer (group) that is supposed to receive the certificate;

    certificate template permissions - allow to enroll and autoenroll

  • Your computer doesn’t trust the CA. If that’s the case, you’ll find the corresponding error in the client’s logs (EventID: The CA certificate XXXXX is not trusted). Make sure the clients trust your CA. The easiest way to do this is to deploy the CA root certificate to the domain computers using a GPO.
0 comment
0
Facebook Twitter Google + Pinterest
Active DirectoryWindows 10Windows Server 2016Windows Server 2019
previous post
How to Remove Hidden/Ghost Network Adapters in Windows
next post
MS SQL Server Setup Stucks on Install/Uninstall

Related Reading

How to Repair EFI/GPT Bootloader on Windows 10...

March 16, 2024

How to Restore Deleted EFI System Partition in...

March 11, 2024

How to Run Program without Admin Privileges and...

June 8, 2023

Fix: Remote Desktop Licensing Mode is not Configured

August 24, 2023

How to Install Remote Server Administration Tools (RSAT)...

March 17, 2024

Refresh AD Groups Membership without Reboot/Logoff

March 15, 2024

How to Repair Windows Boot Manager, BCD and...

March 11, 2024

How to Find the Source of Account Lockouts...

March 12, 2024

Leave a Comment Cancel Reply

join us telegram channel https://t.me/woshub
Join WindowsHub Telegram channel to get the latest updates!

Recent Posts

  • Configuring Windows Protected Print Mode (WPP)

    May 19, 2025
  • Map a Network Drive over SSH (SSHFS) in Windows

    May 13, 2025
  • Configure NTP Time Source for Active Directory Domain

    May 6, 2025
  • Cannot Install Network Adapter Drivers on Windows Server

    April 29, 2025
  • Change BIOS from Legacy to UEFI without Reinstalling Windows

    April 21, 2025
  • How to Prefer IPv4 over IPv6 in Windows Networks

    April 9, 2025
  • Load Drivers from WinPE or Recovery CMD

    March 26, 2025
  • How to Block Common (Weak) Passwords in Active Directory

    March 25, 2025
  • Fix: The referenced assembly could not be found error (0x80073701) on Windows

    March 17, 2025
  • Exclude a Specific User or Computer from Group Policy

    March 12, 2025

Follow us

  • Facebook
  • Twitter
  • Telegram
Popular Posts
  • Configure Google Chrome Settings with Group Policy
  • Allow Non-admin Users RDP Access to Windows Server
  • How to Disable or Enable USB Drives in Windows using Group Policy
  • How to Find the Source of Account Lockouts in Active Directory
  • Get-ADComputer: Find Computer Properties in Active Directory with PowerShell
  • Adding Domain Users to the Local Administrators Group in Windows
  • Configure Windows LAPS (Local Administrator Passwords Solution) in AD
Footer Logo

@2014 - 2024 - Windows OS Hub. All about operating systems for sysadmins


Back To Top