In the CA Web Enrollment website, on the "Submit a Certificate Request or Renewal Request" page (https://<servername>/certsrv/certrqxt.asp) there is a dropbox under the "Certificate Template:" section with values for various certificate template types. I have a custom template that I would like to issue a cert for; how can I get that particular template name to be added to this list, or is it pre-defined by Microsoft and unchangeable?
Add a certificate template type to the “Submit a Certificate Request” page in AD CS Web Enrollment
ad-certificate-services
Related Topic
- Unable to submit certificate request to 2k8R2 CA
- Child domain new cert request – certificate template permissions do not allow current user to enroll 0x80094012
- Windows – How to get an OID for a certificate template
- Security – Submit a certificate request file from a non domain computer. How to figure out policy server parameters
- How to remove the Certificate Enrollment Web Service role
- Active Directory Certificate Services CEP/CES won’t show templates added to CA
Best Answer
Since no one answered and I needed an answer to this one, bucked up and opened a per-incident support ticket with MSFT Support. Per MSFT Support, the Web Enrollment "Certificate Template" dropbox is NOT extensible. It's designed to be a simple way to request/recieve User and Web Server certificates.
I have to use
certlm.msc(Certificate Management for Local Machine), right-click on Personal > Certificates, and choose "All Tasks > Request New Certificate" to be able to choose my custom template. Once the certificate is issued (lands in the Local Machine's Personal Certificates folder) you can then export it as a .pfx, use the .pfx to install the cert to the target machine (don't forget to mark the private key as exportable when you request the cert!) and then delete the already-exported cert out of the local machine's cert store. Ugly, but it works...