Certificate enrollment may not behave as expected when the Windows certificate template includes unsupported settings.
Issue resolution: Verify the certificate template matches the configuration described in Creating and configuring certificate templates. Specifically, the configuration must not include any of the following unsupported settings.
| Tab | Unsupported setting |
|---|---|
| | Any key usage combination containing the following key usages: CRL Sign |
| | Publish certificate in Active Directory |
| | CA certificate manager approval |
| | Required |
| | Archive subject's encryption private key |
| | Do not include revocation information in issued certificates |
| | Do not store certificates and requests in the CA Database |